The Political Economy of Privacy:

The Public and The Private in The Digital Age

A Dissertation in Preparation for the

MA DIGITAL MEDIA
Swansea University

Huey S. Tan
570886

OCTOBER 2010

1
 Table of Contents

Abstract...................................................................................5
Acknowledgements...................................................................6
Chapter 1: Introduction.............................................................7
Part 1: Critical Background......................................................10
Chapter 2: Historical analysis...................................................10
Chapter 3: Literature Review...................................................10
Chapter 4: Methodology..........................................................10
Part 2: Comparative Analysis...................................................10
Chapter 6. Discourse Analysis..................................................10
Chapter 7: Comparative Analysis..............................................10
Chapter 6: Conclusion..............................................................10
Appendix (Interview Transcripts).............................................10
Interviewee #1: David Blunkett (Former Home Secretary 2001-2004)
....................................................................................................10
Interviewee #2: Lord Richard Allan of Hallam (Director for Public
Policy, Facebook, former Liberal Democrat MP 1997-2005)..............10
Interviewee #3: Tom Watson (Labour MP 2001-2010)......................10
Interviewee #4: Richard Clayton (Security Researcher, Computer
Laboratory, University of Cambridge).............................................10
Interviewee #5: Ross Anderson (Professor of Security Engineering,
Computer Laboratory, University of Cambridge)..............................10
Interviewee #6: Joe Bonneau (PhD Student, Security Group, University
of Cambridge, former Crytographic Scientist).................................10
Interviewee #7: Steven Murdoch (Researcher, Security Group,
University of Cambridge, and member of the TOR project)...............10
Interviewee #8: Dr. Gus Hosein (Policy Director, Privacy International)
....................................................................................................10
Interviewee #9: William Heath (VRM entrepreneur and digital rights
activist, Chair of Open Rights Group)..............................................10
Interviewee #10: Becky Hogge (UK based music and technology
writer, former executive director of the Open Rights Group)............10
Interviewee #11: Christine Zaba (UK based journalist and digital
rights campaigner, union liaison officer for NO2ID).........................10
Interviewee #12: Michael Cross (UK based journalist and regular
columnist for The Guardian and The Telegraph)..............................10
Interviewee #13: Martin Moore (Director, Media Standards Trust). . .10
Bibliography...........................................................................10

2
Bibliography

To John, my best friend, my significant other and my Welsh partner of twenty-five years, who
gets me, who respects me, and who inspires and challenges me with his integrity, devotion,
and intelligence.

To my mum and dad, whose unconditional love is my compass in life.

To Mary and our discourse of family, food, ethics, politics, soaps, period dramas and the
critique of the lifestyles of Britons in the last century set in a magical 18th century cottage in
village of Penclawdd. To my extended family in Swansea, thank you for enveloping me in
family life and community, and teaching me how to “cwtch” like only the Welsh do. To
Wales, my adopted homeland and my inspiration. To Swansea, the attractions of modernity
are not for you - your coastline shines more brightly than city lights and your heart sings
with poetry to inspire Dylan. To the breathtaking beauty of Gower, the wild horses and
spring lambs roaming the salt marshes, I shall return someday I hope to write my first novel.

And death shall have no dominion.

Dead men naked they shall be one

Though lovers be lost love shall not;

And death shall have no dominion.

Dylan Thomas
Twenty-five Poems (1936)

3
 To the Singapore educational system, a disciplinary institution, of which I am an
amalgamated product of Western and Confucian learning in unequal parts.

…there may be a ‘knowledge’ of the body that is not exactly the science of its functioning,
and a mastery of its forces that is more than the ability to conquer them: this knowledge and
this mastery constitute what might be called the political technology of the body.

(Discipline and Punish: The Birth of The Prison, Michel Foucault, 1979)

4
Abstract

This dissertation will critically analyze the notion of privacy within “a computational
knowledge society” (Berry, in press, 2010: 8). The traditional notion of privacy as a bundle
of rights to protect the individual against invasions by the state is coming under tremendous
pressure technologically, commercially, bureaucratically, and by the self-appropriation of
privacy by individuals. These forces are driven by the power of the audience as a commodity
because “audience power is produced, sold, purchased and consumed, it commands a price
and is a commodity” (Smythe 1981 cited in Durham and Kellner, 2006: 233). These forces
are transforming existing and new iterations of laws, norms and conventions around privacy.
I will be conducting an analysis of the perceptions of the private and the public in the digital
age, through a review of the relevant literature on the private and the public (including a
historical contextualization), on privacy and freedom, and on privacy and the disciplined
society (in the Foucauldian sense). As part of a comparative analysis, I will conduct a
discourse analysis of my interviews with MPs (including former Home Secretary, David
Blunkett), activists, journalists and technologists to elicit their perceptions of the private and
the public. Throughout this dissertation, I am informed by a political economy of the media
(Berry 2008: 20, Mosco 2009: 21-36). In the end, I hope to provide some answers to three
key questions– why are the private and public sector collecting private data (consumers and
citizens)? Is the commodification of privacy tantamount to the end of the private sphere?
What are the consequences for privacy in a computational information society?

5
Acknowledgements

Left to my own devices, I probably would.

(Pet Shop Boys, Introspective 1988)

I am indebted to the interviewees, David Blunkett (and his aide Ben Hamilton), Richard
Allan, Tom Watson, Richard Clayton, Ross Anderson, Gus Hosein, Christine Zaba, William
Heath, Michael Cross, Becky Hogge, Martin Moore, Steven Murdoch and Joe Bonneau, for
their gift of time, for their gift of knowledge and being a critical part of the process for
writing an MA dissertation. Thank you.

To David M. Berry and William Merrin for a Masters course taught in the spirit of an open,
reciprocal dialogue, for their appreciation of humanity and the social totality. I have regained
my passion for writers and their books, and credit goes to the MA Digital Media course and
to the recommended reading list. Most of all, to David and William, for making the books
come alive through their opposing and yet complementary philosophical approaches.

I am indebted to David for critical insights in the political economy, philosophy, his cutting
edge knowledge of digital media research (the Computational Turn) and his patience for
guiding me through the arduous technical writing of an MA dissertation. David’s own story
of transition from private sector to academia has served to be invaluable insight in my own
journey in personal development.

I want to thank my iPad for a superior user experience.

Finally, I stand on the shoulders of these giants (in rhizhomic order) - Foucault, Silverstone,
Latour, McLuhan, Callon, Winner, Rhinegold, Manovich, Hayles, Heidegger, Arendt,
Smythe, Mosco, Deleuze, Bourdieu and so many more. Berry and Merrin too…

Chapter 1: Introduction

6
In this dissertation, I want to critically analyze the notion of privacy within “a computational
knowledge society” (Berry, in press, 2010: 8). By “privacy”, I mean the traditional notion of
privacy as a bundle of rights to protect the individual against invasions by the state. Privacy
continues to come under tremendous pressure on several fronts – technologically (in the
context of surveillance technology in society), commercially (in the commodification of the
consumer’s data in the private sector), bureaucratically (the automated processing of the
private citizen’s data in the public sector), and the self-appropriation of privacy by
individuals (qua consumer or citizen). These forces are driven by the power of the audience
as a commodity because “audience power is produced, sold, purchased and consumed, it
commands a price and is a commodity” (Smythe 1981 cited in Durham and Kellner, 2006:
233). By “computational knowledge society”, I mean “a society that is more dependent on
the computation of information”, where “people rarely use the raw data, but consume it in a
processed form, relying on computers to aggregate or simplify the results for them” (Berry, in
press, 2010: 8). In this panoptic system of controls (Gandy 1983: 42), “computers run
software that is spun like webs, invisibly around us, organising, controlling, monitoring and
processing” (Berry, in press, 2010: 9). I refer to the Foucauldian meaning of the Panopticon
as “a privileged place for experiments on men, and for analyzing with complete certainty, the
transformations that may be obtained from them” (Foucault 1977: 204).

This dissertation looks at the shifting perceptions of the public and the private in a data-
driven, information rich and computational knowledge society. Firstly, in the critical
background, I will provide a historical overview of the private and public sphere, review the
literature on the disciplined society, and review the methodology that I have applied in
conducting research for this paper. Secondly, I will conduct a discourse analysis of my
interviews with actors and change agents on the private and the public, under four social
clusters – (i) MPs (including former Home Secretary, David Blunkett), (ii) activists, (iii)
journalists, and (iv) technologists – leading to a comparative analysis of their discourse in
three key areas – (a) the private and the public, (b) data and economics, and (c) the state and
freedom. Throughout this dissertation, I am informed by a political economy of the media
(Berry 2008: 7-10, Mosco 2009: 21-36).

The recursive nature of technology is forcing us to re-examine our notions of actual and
perceived privacy. Technology in its broadest sense is described as “extensions of man”
(McLuhan 2001: 4) that serves to extend our bodies in one state (e.g. a hammer as an
unbroken fist) and to amplify our senses and consciousness in another (e.g. the transfer of

7
secret thoughts onto paper)1. In these technology-enhanced states, we are like fish in a pool –
immersed in technology, oblivious of the humming machinery in the background. In different
states of “being”, technology is an empty signifier, or a mode of revealing (Heidegger et al
2006: 37)2 of a different reality. Technology is also capable of distortion, from ideology or
culture (norms, practices or rules), to reveal a social dimension to technology (Arendt, 1969:
4 cited in Chadwick and Howard, 2010: 244) 3 or an inherently political agenda (Winner,
1980).4 The plethora of devices and technology used to interface, and to extend our senses,
to share and distribute personal details, including who you are with, where you go, what you
are doing and with whom, is the technology pool of a new generation melded by the social
and technical worlds (Nissenbaum 2010: 4). A constructivist view5 of technology is helpful
to decipher the sensory relationship we have with technology, and how it shapes the
knowledge we embrace.

A socio-technical environment is incursive and it represents a shift from old media to new
media. Old media is related to the logic of industrial mass production of standardization and
conformity (Manovich 2002: 28), as represented by the broadcast model of the media
industries (Merrin 2008 cited in Hoskins and O’Loughlin 2010: 10) 6. New media is the logic
1 It is outside the scope of this dissertation to examine the meaning of McLuhan’s “extensions of man”. The next best thing
is to rely on his description in the Gutenburg Galaxy: the making of the typographic man, as follows – “Today man has
developed extensions of practically everything he used to do with his body. The evolution of weapons begins with teeth and
the fist and ends with the atom bomb. Clothes and houses are extensions of man’s biological temperature-control
mechanisms. Furniture takes place of squatting and sitting on the ground. Power tools, glasses, TV, telephones, and books
which carry the voice across time and space are examples of material extensions. Money is a way of extending and storing
labor. Our transportation networks no do what we used to do with our feet and backs. In fact, all man-made material things
can be treated as extension of what man once did with his body or some specialized part of his body” (p. 4).
2 Martin Heidegger in Being and Time puts forward the notion of an empty signifier or a mode of revealing - “Whenever a
phenomenological concept is drawn from primordial sources, there is a possibility that it may degenerate if communicated in
the form of an assertion. It gets understood in an empty way and is thus passed on, losing its indigenous character, and
becoming a free-floating thesis” (p. 37).
3 Andrew Chadwick explains Arendt’s interpretation of the social dimension of technology by reference to retreat from the
public sphere into the private sphere, citing Arendt “the specific and usually irreplaceable in-between which should have
been formed between the individual and his fellow men” (Arendt 1969: 4) is lost, in the event that political action retreats
into the private sphere (e.g. the fear of surveillance by technology leading over time to the withdrawal from political action
by individuals) – see Andrew Chadwick, Routledge Handbook of Internet Politics, p. 244.
4 Langdon Winner in Do Artifacts have politics (1980) made the simple observation that technology is not neutral at all.
Opening up the black box of any technology reveals the technical design infused with the social, political, cultural
manifestations resulting from negotiations between different stakeholders over societal wealth and power. The perils of
technological determinism especially in the case of the transparent society is people become blasé and accept technology
impositions in society as a given and uncontestable. Winner says resistance is not futile.
5 As an example, Lawrence Lessig in Code and other laws of cyberspace (1999) argued that the software code that is the
substratum of the Internet can be shaped by architecture and design, private sector commercial interests and government
policymaking, such that cyberspace is not inherently “free” or “democratic”. It is entirely possible to influence technology
and its outcomes through human agency in a technologically constructivist view, and this is the opposite to a technologically
determinist view.
6 Hoskins is referring to the observation made by William Merrin (2008) of the broadcast model – “In place of a top-down,
one-to-many vertical cascade from centralised industry sources we discover today bottom-up, many-to-many, horizontal,
peer-to-peer communication”.
8
of a post-industrial society, user customization rather than mass standardization, “…the shift
of all culture to computer-mediated forms of production, distribution and communication”
(Manovich: 2002: 30). It is argued that the primary state of technology is recursive, which is
the technical capability of collecting, storing, re-mediating and sharing personal data on a
massive scale, with little or no distinction given to the public or the private. When the
recursive is applied to the privacy of an individual, it is manifested as an incursive change
and the corresponding secondary and tertiary ramifications, such as equality, freedom,
fairness and justice, are overlooked (Winner 1991 cited in Edelbach and Winston 2006: 91).

I take this argument further and show that we need a high level of self-awareness in a socio-
technical society to ensure the survival of privacy as a virtue in society, and to resist the
technological determinism of full transparency in society. People and society dictate the
extent and limits of transparency in society, but we should not underestimate the role of
technology in influencing such decisions. The capacity to recognize the distorting force of
technology on reality can be developed through a humanistic approach to technology:

I have sought to show technicians that they cannot even conceive of a technological
object without taking into account the mass of human beings with all of their passions
and politics and pitiful calculations, and that by becoming good sociologists and good
humanists they can become better engineers and better-informed decision makers
(Latour 1996: 8).

The study of recursive technology in a computational knowledge society with its incursive
implications for human values, such as dignity, freedom, choice, control and power in
society, is a study in McLuhan terms, of the technological extension of humanistic values:

For technologies are social things, suffused with the symbolic, and vulnerable to the
eternal paradoxes and contradictions of social life, both in their creation and in their
use. The study of the media…in turn requires such a questioning of technology
(Silverstone 1999: 26).

To analyze the recursive and incursive, requires scalable theoretical concepts and practical
tools that are capable of tackling the big picture view of privacy in the context of big society
and big data, and to narrow its focus on the micro-tension of privacy and technology. By big
society, I mean the vision of the Conservative-Liberal Democrat’s government “to put more
power and opportunity into people’s hands”7 called the Big Society Program. Big data is
7 The Big Society Program was announced by Prime Minister David Cameron and Deputy Prime Minister Nick Clegg on
18 May 2010 as a “new era of people power at the center of the new Government” through a cross-government program that
promises to create a climate that empowers local people and communities, building a Big Society that would roll back big
government, bureaucracy and Whitehall power - www.cabinetoffice.gov.uk/media/407789/building-big-society.pdf
9
about the data deluge8 in society today, the use of computer clusters modeled on Google, the
power of data correlation to replace the scientific method. Big data includes one of the
promised goals of the Big Society Program to publish government data by creating a new
‘right to data’ so that “government-held datasets can be requested and used by the public and
then published on a regular basis”9. The idea is to derive value from these datasets, which
inherently will contain a mixture of data from the public and private sphere.

In the context of what we are trying to achieve set out in the preceding paragraphs, finding
the right tool for the right job is a challenge in such a demanding topic. The theoretical
framework chosen for this paper is a political economy approach (Berry 2008: 7-10, Mosco
2009: 21-36). Political economy in the traditional and narrower sense is “…the study of
social relations, particularly the power relations, that mutually constitute the production,
distribution, and consumption of resources, including communication resources” (Mosco,
2009: 2). The importance of privacy in the narrow sense of political economy is about the
balance of power – where and with whom power over privacy rests today, who are the
producers, distributors or consumers of privacy, and the role played by technology in blurring
these categories. This paper rejects the disciplined society, and the police-like attempts to rein
in and cordon off ideas. Instead, this paper embraces a realist epistemological view:

I have sought to show researchers in the social sciences that sociology is not the
science of human beings alone – that it can welcome crowds of nonhumans with open
arms, just as it welcomed the working masses in the 19th century (Latour 1996: 8).

At the macro level, this involves an investigation of the modern soul (Foucault 1977: 23) and
the transformation of a socio-technical environment (Nissenbaum 2010, Gandy 1983).
Privacy is akin to the dark matter of our lives – unseen but certainly felt, it fills the vast void
of our social and human interaction. The recursive nature of the “embedded, hidden, off-
shored or merely forgotten about” software (Berry, in press, 2010: 10) is exploiting the dark
matter of privacy. Political economy at its broadest and most ambitious sense is “the study of
control and survival in social life” (Mosco, 2009: 3). In the discourse on privacy, the loss of
control is a political issue since technology is confronting how we organize and manage our
personal information, and also, how we react to unpredictable or unexpected adaptations and
changes to privacy, such as, privacy breaches. Control in society is as an indicator of societal
8 In a Wired magazine article on 23 June 2008 entitled “End of Theory: The Data Deluge Makes the Scientific Method
Obsolete”, Chris Anderson described the Petabyte Age where petabytes of data are stored in the cloud, where we are forced
to view data mathematically first and establish a context for it later because it is no longer stifled by a three or four
dimensional taxonomy, it is statistically agnostic. In fact, forget about ontology, psychology, and linguistics, even sociology.
Moving into a zettabyte age, the scientific method of “hypothesize, model, test” will be turned further on its head.
9 The Big Society Program - www.cabinetoffice.gov.uk/media/407789/building-big-society.pdf
10
responses to socio-technical systems and processes, how we organize and adapt to change.
Individuals trying to regain or restore privacy lost, exhibit the need to preserve the “modern
soul” (Foucault 1977). The outcome of exerting control is survival, and the process of getting
there is inherently economic since it involves the processes of production and reproduction.
This broad view is useful for Big Society built on Big Data. To get to the nitty-gritty of
privacy and technology, it is necessary to engage those in the business of privacy, how they
operate and what they are thinking. At the micro-sociological level, while we appreciate
political economy is the study of the affective power of social relations on the production,
distribution and consumption of resources, we are aware of the limitations of McLuhanism:

But it misses the nuances of agency and meaning, of the human exercise of power and
of our resistance. It misses, too, other sources of change: factors that affect the
creation of technologies themselves and facts that mediate our responses to them.
Society, economy, politics, culture. Technologies, it must be said, are enabling (and
disabling) rather than determining. They emerge, exist and expire in a world not
entirely of their own making (Silverstone 1999: 21).

Therefore, I will support theory with discourse analysis of my interviews with actors and
change agents on the private and the public, under four social clusters – (i) MPs (including
former Home Secretary, David Blunkett), (ii) activists, (iii) journalists, and (iv) technologists
– leading to a comparative analysis of their discourse in three key areas – (a) the private and
the public, (b) data and economics, and (c) the state and freedom. In the end, we hope to
answers questions about big society and big data – why are the private and public sector
collecting private data (consumers and citizens)? Is the commodification of privacy
tantamount to the end of the private sphere? What are the consequences for privacy in a
computational information society?

Part 1: Critical Background

Chapter 2: Historical analysis

In this chapter, I will provide a historical overview of the private and the public, starting with
18th and 19th century Europe as the birthplace of the modern public sphere (Habermas 1989)
and the public man (Sennet 1992), returning to the Aristotelian distinction of the oikos (the
private realm of the household) from the polis (the public realm of the political community)
as the conditions and possibilities for a human and democratic public life (Arendt 1958), and
fast forward to the present day amalgamation of the public and the private under the auspices

11
of the information society (May 2002, Mattelart 2003, Berry 2008). As a starting point, I will
draw from two primary works – The Structural Transformation of the Public Sphere by
Jurgen Habermas (Habermas 1989) and The Fall of the Public Man by Richard Sennet
(Sennet 1992) – to provide a historical context on the social conditions in a Western society
where the distinctions of the private and the public came about, and the rise of democratic
debate based on arguments, not status (Calhoun 1992:1) -

By “the public sphere” we mean first of all a realm of our social life in which
something approaching public opinion can be formed. Access is guaranteed to all
citizens. A portion of the public comes into being in every conversation in which
private individuals assemble to form a public body (Habermas 1974: 1).

The “realm of our social life” was a reference to early 18th century coffee houses in London
and Paris, the watering holes for elites, where rational discussion, debate and consensus took
place in the “bourgeois public sphere” (Habermas 1974: 51). Set in diverse urban settings,
with society elites coming together, the coffee houses were reminiscent of an early Internet,
with education, entertainment and other (legal or illegal) activities. It was the birthplace of
the “cosmopolitan” as “a man who moves comfortably in diversity; he is comfortable in
situations which have no links or parallels to what is familiar to him” (Sennett 1992: 17).
This was the birthplace of the public man, as a new class order. Sennett provides a similar
account of the 18th century “cosmopolis” – streets catered for relaxed strolling, coffee houses,
cafes and other social centers, elites mixing with labor classes, strangers walking among
strangers, sellers vying competitively for unknown buyers, new modes of speech, dress or
interaction (Sennett 1992: 17-19) – the existence of the public man was separate and distinct
from the life of family and close friends.
Within the realms of civility by the public man, and the claims of nature by the family, the
18th century public man managed the two spheres “and the complexity of their vision lay in
that they refused to prefer the one over the other, but held the two in a state of equilibrium”
(Sennett 1992: 18). This state of equilibrium harks back to the public life of the ancien
regime (examined later with Arendt). The 18th century equilibrium in public life was however
unsettled and broken. By the late 19th century, the public man had turned towards valuing the
individual, the self, and its own opinion (Sennett 1992: 19-24). Sennett blames the forces of
capitalism and secularism in the 19th century for the crisis of the public life, along with four
conditions – “the involuntary disclosure of character, superimposition of public and private
imagery, defense through withdrawal, and silence”. He argues that these conditions are still
evident in the present day, and the consequence is a society in self-denial:

12
 The obsessions of selfhood are attempts to work out these conundrums of the last
century, by denial. Intimacy is an attempt to solve the public problem by denying that
the public exists. As with any denial, this has only made the more destructive aspects
of the past the more firmly entrenched. The 19th century is not over yet (Sennett
1992: 27).

Next, I will draw on the historical context given to Aristotelian notions of the private and the
public. In ancient Greek times, the distinction of oikia (the private realm of the household)
from polis (the public realm of the political community) was critical as opposing forces
(Arendt 1958: 24). Arendt describes the notions of labour and work as being centered in the
household – labour is a necessity for maintaining life, but it is temporal, extinguishable (by
consumption or attrition) and must be renewed. Humans are slave to labour; hence humans
are animal laborans (Arendt 1958: 22). Work corresponds to the building of an artificial
world and unlike labour, the “things” are durable and independent of original creation.
Humans are homo faber (Arendt 1958: 22), the builder of tangible or intangible creations.
Most importantly, work is different from labour in three ways – it can shape the “animal” in
humans, it is controllable by humans and its manifestations are inherently public. Action, or
the freedom to act freely, was the third human condition. Neither the activity of labour or
work can be considered as “action” because labour is tied to necessity, and work is dedicated
to the creation of non-human artifacts by necessity of nature. To be considered “action,” the
highest order of Arendt’s human condition, the activity must be constituted by freedom that is
not subordinate to anything else but itself. For Arendt (and Aristotle), action is a public state
of being, and experienced as a social interaction with others as part of a political way of life.
Work and labour are pre-political in Greek times because they are tied to family, home and
the household where necessity rules. In the bios politikos, the public is political because it is
defined by action (praxis), speech (lexis) and political organization:

To be free meant both not to be subject to the necessity of life or to the command of
another and not to be in command oneself. It mean neither to rule nor to be rule
(Arendt 1958: 32).

The rise of the “social” challenged the Greek notions of the private and public realms. Arendt
traces the confusion of the “political” with the “social” from the Latin translation of zoon
politikon as animalis socialis or “social animal”, i.e. the political as the social. This
misunderstanding of the political as social stretched from ancient Greek into Roman-
Christian times, and arguably, into the modern day. The social realm is neither private nor
public, it is aligned to the 19th century public man (Sennett 1992), “which found its political
form in the nation-state” (Arendt 1958: 28). Arendt argues that the rise of the “social”
13
whereby politics and economy were replaced by “collective housekeeping”10 (Arendt 1958:
28) caused the blurring of the two spheres. The imagery of “housekeeping” as an economic
unit designed to incorporate family into “society”, managed by the political organization
called the “nation” prevailed. Freedom was turned on its head, and tied to labour (as a basic
human necessity) and work (the world of things, such as institutions and artifacts). What was
originally confined to the household invaded the public realm (Arendt 1958: 29) –

…since with the rise of society, that is, the rise of the “household” (oikia) or of
economic activities to the public realm, housekeeping and all matters pertaining
formerly to the private sphere of the family have become a ‘collective concern. In the
modern world, the two realms indeed constantly flow into each other like waves in the
never-resting stream of the life process itself (Arendt 1958: 33).

Finally, I will draw from various authors about the “the information society” to complete the
historical overview of the private and public. The “information society” is a reference to a
market economy in information (May 2002: 6) commonly referred to as “a shift in Western
economies from the production of goods to the production of innovation” (Berry 2008: 43).

The transition from a Fordist11 industrial mass-production economy to a post-Fordist12 digital

information and technology based economy (Hardt and Negri 2000: 290) is characterized by
the production of low-cost, high volume commodities based on information, creating a
surplus of goods and services; which in turn creates a market economy in the consumption of
information, communication and knowledge (Berry 2008, Drahos and Braithwaite 2002,
Mattelart 2003, May 2002). This marks a shift in society from labor as value, to knowledge
as value (Mattelart 2003: 78). Believers and non-believers in the information society have
debated over the last decade on its existence or not. The believers point to creativity and new
technology revolution, such as the rise of networks argued by Manuel Castells, “built around
the growing importance of knowledge and information to the generation of profit” (Berry
2008: 44). The non-believers point to mere continuation of historical developments “where
the defining logic of the vast majority of the global system” is capitalism (May 2002: 43).

How is this related to the public sphere? For Habermas, the public sphere sits neatly between
family life and the state. The mutation of the public sphere into “a realm of mass cultural

10 Arendt description of “collective housekeeping” refers to “the image of a family whose everyday affairs have to be
taken care of by a gigantic, nation-wide administration of housekeeping” (Arendt 1958: 28).
11 Mass production in a Fordist era meant there was a certain reliance on sufficiency of demand, and the need to received
feedback from the market to improve production was limited. (Hardt and Negri 2000: 290).
12 Post-Fordist era is based on the Toyota model where the planning for production involves communication with the
markets constantly and immediately (Hardt and Negri 2000: 290).
14
consumption and administration by corporations and dominant elites” (Kellner cited in Hann
2000: 264) marks the decline of democracy, individuality and freedom in the late 19th century
known as the “re-feudalization” of the public sphere –

The transformation involved private interests assuming direct political functions, as

powerful corporations came to control and manipulate the media and state. On the
other hand, the state began to play a more fundamental role in the private realm and
everyday life, thus eroding the difference between state and civil society, between
public and private sphere (Kellner, cited in Hann 2000: 264).

Citizens dedicated to passive consumption and concerns of self-regulation instead of issues

related to the common good and democratic participation, characterized the decline of the
public sphere. The public sphere was dominated by the mass media, the state, and the
“culture” industry (Horkheimer and Adorno 2002) of giant corporations that usurped the
public sphere through marketing, advertising and pubic relations, to manufacture “public
opinion” through opinion polls and so-called media experts. Habermas argued that the state,
the corporation, the capitalist society and its machinery perpetuate mass consumption and
passive disinterest in the rational-critical debate.
In the weakened state of the public sphere, arose the imaginary information society. The
discursive power of the information society has had some real effects, verified by laws,
changes of norms and practices within industry and government, and leading to the greater
“informationalisation” of the economy (Berry 2008: 47). The analysis of the ownership and
control of knowledge and information as represented by software code (Berry 2008) is in
many ways analogous to the increasing trend towards the commodification of the private
sphere, one of the main thrusts of this paper. With the “informationalisation” of the economy
exhausted by the capitalistic machinery, the “society” in the “information society” is the next
target of the capitalist machinery. It is argued in this paper that the private sphere, and the
bundle of rights known as privacy, pertaining to human dignity and freedom, is already being
subsumed by the capitalist machine and being turned into a commodity by the logic of late
capitalism (Jameson 1991). In the next chapter, we will review some of the literature around
the political economy of privacy and the theory of commodification.

15
Chapter 3: Literature Review

The purpose of this chapter is to review some of the primary discourses on privacy. The
literature on privacy is vast and extensive. Firstly, I will start with the literature on the
disciplined society (Foucault 1977) and the notion of surveillance or the Panopticon in
society (Gandy 1993). Secondly, I will discuss the literature on the private and the public, the
claims that privacy is dead (Garfinkel 2001), the claims of a transparency society (Brin 1998)
and privacy in context (Nissenbaum 2010).

In the introduction, I made reference to the Foucauldian meaning of the Panopticon as “a

privileged place for experiments on men, and for analyzing with complete certainty, the
transformations that may be obtained from them” (Foucault 1977: 204). Michel Foucault’s
Discipline and Punish: The Birth of The Prison traces the origins of the “modern soul” and
the rise of the “power to judge” (Foucault 1977: 23) from its roots in the French penal system
to the institutions of discipline and control in modern society today. Detailed discussion of
the Foucault’s seminal work is out of the scope here, however it is worthwhile to summarize
the tenets of Foucauldian philosophy as being grounded on four rules – firstly, punishment
should be regarded as a complex social function (not just a sum of its repressive effects or
limited to punishment alone); secondly, punishment should be treated as a political tactic (not
as a consequence of law or other social structures); thirdly, the technology of power should
be regarded as a cross-disciplinary exercise (as an amalgamation of the history of punishment
and the history of human sciences); and fourthly, changes in the methods of punishment
should be studied as a means to understand “the political technology of the body” for a
common history of technology and power (Foucault and Rabinow 1984: 170 – 171).
Foucault challenges the common assumptions about the prison - it is for the punishment of
criminals, and it serves the exclusive purpose of reducing crime in society - in that “the
systems of punishment are to be situated in a certain ‘political economy’ of the body”
(Foucault 1977: 26). The ability to conquer the body is the body politic i.e. the techniques or
the disciplines, that is needed to subjugate, infiltrate, train, monitor and exert control in a
disciplinary society because –

…the power exercised on the body is conceived not as a property, but as a strategy,
that its effets of domination are attributed not to ‘appropriation’, but to dispositions,
maneovres, tactics, techniques, functionings (Foucault 1977: 26).

16
In a disciplinary society, the body is regulated by techniques of surveillance, examination and
training to strike a balance between docility (repressed capacity for political disobedience)
and utility (empowered for increased productivity) (Foucault 1977: 138). Techniques of
observation, documentation and classification are used to standardize individuals, and if there
is deviance, gratification and punishment are applied to redress the imbalance. This is the
panoptic modality of power (Foucault and Rabinow 1984: 211).

Written fifteen years after Foucault, Oscar Gandy’s The Panoptic Sort: A Political Economy
of Personal Information opened up the black box that is the global “difference machine”
(Gandy 1993: 1) which he described as –

…a kind of high-tech, cybernetic triage through which individuals and groups of

people are being sorted according to their presumed economic or political value. The
poor, especially poor people of color, are increasingly being treated as broken
material or damaged goods to be discarded or so at bargain prices to scavengers in the
marketplace (Gandy 1993: 1-2).

Gandy’s political economy of personal information is based on three notions – (1) power as a
complex relationship - it cannot be weighed or measure empirically, (2) power as a dynamic
relationship – changes within the relationship also changes those who define the relationship
in the first place, and (3) inequalities between the individual and bureaucratic organization of
business and government interests (Gandy 1993: 3). Gandy’s themes are heavily influenced
by Foucault, in particular the concept of “a technology of power realized through the practice
of disciplinary classification and surveillance referred to as the panoptic sort” (Gandy 1993:
9). For Gandy, the panoptic system is about institutions with a shared sense of discipline,
education or rehabilitative purpose, and the use of technology not only for surveillance but
also for classification and isolation of subjects by category or type. It can be turned into a
laboratory, with machinery for experimentation that can lead to change of behavior, to train
or correct the behavior of individuals. And it reveals the willingness of the individual to be
defined and labeled by market research or some other measurement of statistical data.
Objectification is becoming an important aspect of the power and knowledge relationship,
especially in social networks.

The functions or processes that are characteristic of the panoptic sorting machine is based on
three processes – identification (based on history, record or resources, related to authorization
and authentication), classification (based on the measurement of one or more attributes – the
17
institutional bias to seeing patterns where none exists) and assessment (based on standards
and assumptions of normality and bounds of reasonableness and acceptability) (Gandy 1993:
15-17). The point is to de-contextualize the individual, in order to emphasize the power of
the system over the individual.

Technology is enabling the deployment of panoptic structures invisibly throughout society –

this can be specific to hardware e.g. CCTV, RFID chips, mobile phones, or this can be based
on a panoptic form of observation by software e.g. the ability of ISPs to track user behavior
on the Internet using the IP address or web browsers. Foucault used the term “Panopticon”
more generally as a metaphor for the emphasis on normalization and observation in modern
Western society. Gandy narrows down the micro-sociology of a political economy of
information to the process of commodification:

Not only is information a critical input into the process of rationalization and control,
but it has also emerged as a commodity in its own right…the commoditization of
information has not proceeded smoothly, in part because of the peculiarities of
information as a resource (Gandy 1993: 52).

At the time of Gandy’s writing, social networks as we know it today were not in existence.
He described the audience of the social networking sites in the following excerpts –

The panoptic sort, as the integrated control technology of the Information Age,
depends for its operation on ready access to information about individuals [and the
role of data as] made from the raw material of human experience (Gandy 1993: 53).

I agree with Gandy that the political economy of personal information is the data collected on
individuals. These are the raw materials used by private sector companies such as Facebook,
Google, Twitter, with the assistance of powerful data analytics software, to be turned into
commodities (e.g. profiles, ratings, etc) for consumption by advertisers. The advertisers, in
turn, using the profiles, ratings, etc market and sell their products and services directly to the
targeted user profiles, and who provided the data in the first place. It is the ease of use and
convenience of the Web 2.0 tools that are enabling the conversion of the raw materials of our
private information into commodities.

David Brin argues that technology is making us choose between freedom and privacy, and
therefore the best way to preserve our freedom is to accept the surveillance society and turn
surveillance back on itself by watching the watcher (Brin 1998). This solution is aimed at
addressing the issue of surveillance in society; by giving everybody access to the society’s
18
surveillance apparatus, like a neighborhood watch scheme writ large. To succeed, you would
need to fully acquiescence to surveillance technology and assume that this technology will
remain unchanged. To address the effects and consequences of a surveillance society, Brin is
willing to give up freedom to regain freedom, an idealized attempt to reclaim privacy lost.
The focus on the sensationalizing effects of privacy breaches, as an effective response to
privacy advocates, has led him astray. I reject the disciplined society and the surveillance
society. In the same way, I dismiss the claim that privacy is dead (Garfinkel 2001). Contrary
to uninformed opinion, privacy is kept very much alive by the discourse of the effects of
momentary and episodic events of privacy lost.

In the literature, there is an uncanny and recurring tendency to write about “the effects of new
digital technologies on our privacy” (O'Hara and Shadbolt, 2008: 4). The approach of
O’Hara and Shadbolt in this case is based on an empirical cost-benefit analysis of privacy.
This can be useful to highlight dangers posed by a laissez-faire approach or a general
reticence towards privacy risk; but this is a small aspect of the privacy conundrum. The main
problem with the cost-benefit analysis is it ignores the human and social element, reducing
privacy to purely about what you get against what you give, like a prized commodity. Putting
the problem of security in context by looking at threats, attacks and attackers is a good
approach to address the needs in each case (Schneier 2000: 14 – 22) is similarly an attempt to
put up defenses against surveillance. In response to Brin’s transparent society, Schneier has
argued that the criminal threats in cyberspace are nothing new, simply a mirror of the
criminal activity in the real world. This approach is tackling the “effects” of surveillance.
Although Schneier came close to the critical issue by reference to the surveillance
infrastructure installed in the United States under the guise of customer service (Schneier
2000: 32), he did not take this argument further. To focus on effects, means writers miss the
big picture - the institutional infrastructure set up for broad based monitoring of user behavior
is changing the way we behave because it reinforces our interaction with recursive
technology. The technology is shaping us, because it is surrounding us, because we are
docile, and we are uncritical of the utility of the technology (Foucault 1977: 138).

The other way of explaining the importance of privacy in society is to link the risks and
dangers of not protecting privacy with a framework of rights, values and ethics (Holtzman,
2006). This approach highlights the sense of urgency that is needed to address an
environment where our privacy is being threatened, and by whom. To attribute privacy as
being lost because of the panoptic nature of surveillance technology is one aspect of the

19
privacy challenge. David Holtzman argued that the privacy of the individual is being eroded
by concerns over security at the macro level. The fear of a loss of national security is
pervasive around the world, especially in the United States. In his analysis, there is no
question that specific circumstances call for privacy of the individual to be traded off for
larger security concerns. The issue with security is the tendency to over-compensate or to err
on the side of caution for the sake of completeness. Security can be applied in specific cases
after a careful examination of the trade-off between individual liberty and the protection of
society as a whole. What has happened in the US so far is that the trade-offs being made are
based on poor judgment calls, institutional bias and there are no checks and balances against
these decisions. But once the concept of the panoptic system of control is put in place, often
in the form of institutions (e.g. Department of Homeland Security), it is virtually impossible
to wrestle control out of these entities. A good example is the number of people on the US
database as terrorist suspects. It is possible to take a cynical view of this analysis as being an
over-reaction to the blanket of security overkill in the mass media and government.

It is argued that the idea of a transparent society is misleading because the presumptions that
underpin the technological possibilities of a transparent society are not matched by a society
with values grounded in social transparency. A better approach is to account for privacy
threats in the context of their environment and on this basis, you can try to predict, evaluate
and respond to them, similar to an early warning system for a hurricane or tsunami with the
anticipated disaster being a privacy breach or loss (Nissenbaum 2010: 2). For a society that
is amassing data in petabytes and zettabytes, loss of data is inevitable and we need to be able
to manage data breaches. Nissenbaum frames the value of privacy in the context of the
individual, in relationships and society at large. By looking at how socio-technical threats are
affecting these three key areas where privacy has value, this might produce some useful
insight. Nissenbaum’s approach, unlike the advocates of transparency, does not adopt a naïve
and simplistic division of privacy from business and other interests, or to push forward a
political agenda or a vested interest –

If interest-brawls are conceived as taking place at ground level, appeals to universal

human values and moral and political principles take place in the stratospheres of
abstraction because resolutions for real-world disputes are sought in the realms of
general values and principles (Nissenbaum 2010: 10).

I conclude that the discourse on privacy may be wide-ranging, but the discussion is
unnecessarily restrictive. There are two primary reasons for how we got to this unsatisfying
point in our analysis of privacy – firstly, the theoretical approaches used to analyze privacy
20
fail to elevate the discussion beyond privacy effects (with a few exceptions such as Oscar
Gandy), and secondly, the fact that privacy is closely associated with, and treated as a
technology as opposed to a dynamic and organic part of society or part of an institution or the
norms and the fabric of economic reality, has become a stumbling block for many writers. It
is argued in this paper that there is a need to return to rights based and humanistic view of
privacy, as opposed to a market based or needs based analysis.

21
Chapter 4: Methodology
The idea that there is a political economy around privacy – as a bundle of rights, interests,
preferences, and values, et al – is a disruptive way of thinking. In the traditional sense of
political economy, the focus is on how power works in society at the macro level of
institutions, government and corporations. In the contemporary sense of political economy,
the study broadens to examine the producer, the distributor and the consumer at the micro
level. The curious case of privacy is an excellent case study since the topic lends itself to
examination under the macro view of political economy and under the micro view, as a
specimen of human values and ethics that science and technology has attempted to claim as
its own domain (as exemplified by technologists and lawyers who want to make privacy their
own). The search for the meaning of privacy, and the importance of the role played by
privacy in transforming society, what it means to future generations to come, in the context of
digital media and technology is a noteworthy endeavor. In fact, in a world that is rapidly
dominated by software as the embedded code in a data centric, data driven society, it has
become a critical endeavor. A few political economists have taken on this task (Gandy 1993).
Like Gandy, the aim of this paper is to contribute to the discussion, and further the research
into an explanation as to why privacy is important today and to our digital future.

There are three primary reasons for choosing the political economy approach as the method
used for examining privacy. Firstly, the focus of political economy is on the circumstances of
production (Lister 2009: 173 - 174), which invariably involves the investigation into the
economics surrounding the production, distribution and consumption of privacy. Secondly,
in a capitalist society, the issue of ownership of goods and services that is dependent on
access to, and control of individual privacy is a specific phenomenon, and this is affective of
the role played by state, law and regulation in determining how we will experience privacy in
a digital age. The scope of influence is not only about the state, but also corporations (Lister
2009: 174). Thirdly, the political economy approach is about the protection of values
underlying the production and distribution of wealth, and political economists such as Oscar
Gandy have focused on the threat to liberty. This goes to the erosion of privacy through the
collection and dissemination of statistical information on individuals stored in databases with
centralized means for access and dispersal. Oscar Gandy argues that the inequality of
information in an information age is ironically impacting the value of democracy as a
fundamental value in contemporary society (Gandy 1993).

22
A contemporary approach in political economy is to treat the audience as the primary
commodity “constituted out of a process which sees media companies producing audiences
and delivering them to advertisers (Smythe 1981, Mosco 2009: 136).” In the case of social
networks, not only can you get direct feedback and almost instantaneous response from the
user, but also the ability to control, monitor and measure audience reactions and behavior is
the crucial differentiator. Google uses its software code to construct audiences, advertisers
pay to access these channels, and audiences are delivered to advertisers. This is a refinement
of the traditional mass media model. It is the digitization process that creates new avenues to
commoditize content, due to increased scope and scalability for delivering the audience as a
commodity to advertisers. In this sense, the production of audiences for the general
capitalist economy is central to the commodification process, rather solely relying on the
production of ideology. Taking this argument further, the “audience” in the social media
model is constituted primarily by a bundle of rights that the audience has traded-off in return
for services received. These bundle of rights include the ability to control one’s personal
information. In this sense, the audience commodity is not limited to the production of an
audience, but the production of intrinsic rights, values and interests as part of the package that
is the commodity audience. What this means is one commodity can produce another
commodity or an immanent process (Mosco 2009: 141) – in this case, privacy as a
commodity is being produced as a result of the audience commodity. This goes to the
recursive nature of the commodification process as a result of the process of digitization.
Inherent in the commodification process is the need for monitoring, such that not only does
immanent commodification produce new sub-commodities, but it also creates powerful
surveillance tools that threaten privacy.

The commodification process relies on measurement and monitoring processes – traditionally

they include market studies, customer surveys – but with the advancement of technical
methods for data analysis, this has been extended to encompass sophisticated data matching
systems, and the development of demographic and attitudinal information. Mosco argues that
the A. C. Neilsen ratings system is an advanced example of immanent commodities, “…part
of a family of such commodities that grow out of the development of generalized monitoring
and surveillance procedures, that make use of advanced communication and information
technology” (Mosco, 2009: 142).

For a political economy approach to be considered a significant methodology towards the

understanding of privacy, it requires a focus on the process of commodification that is rapidly

23
moving toward an exchange value that “draws all organizations into the orbit of the
information business that produces immanent commodities” (Mosco 2009: 143). The process
and general framework of commodification will be reliant on the use of new and old ways of
profiling and surveillance to expand the production of media commodities (Mosco 2009:
143). The driving force behind this prying is commerce. The big growth area in online
advertising right now is ‘behavioral targeting’. Web sites can charge a premium if they are
able to tell the “make” of an expensive sports car that its ads will appear on Web pages
clicked on by upper-income, middle-aged men” (Mosco 2009: 143). The desirability of
these new products is not only driven by strong commercial incentives (e.g. ISPs wanting to
generate advertising revenue to compete with Google). There are similarities in the treatment
of privacy as a commodity form, with the treatment of communication as a commodity form.
The current debates on privacy are focused on the use and sharing of personal data and the
close links with online advertising revenue, specifically in social media networks. In such a
context, it is understandable that the focus of those advocating protection of privacy is on
corporate and state structures or institutions. In other words, the object of scrutiny is the
change of use or the sharing of the original data collected. This goes further than Gandy’s
political economy of personal information, which is focused on data as the raw material.

A political economy of privacy has to examine broader and wider considerations – the
commodification of the private sphere by corporations, the acquisition of the public sphere
for commercial initiatives by governments. This type of analysis has been applied to platform
software – the proprietary nature of platform software developed by Microsoft or Apple are
examples of the traditional political economy view, in which the realization of surplus value
(i.e. profit) is through the control that capital wields over the means of production. The
software developer, who writes computational code, sells his labor in return for wages, and
the capitalist mode of production turns this into a complete package of goods and services to
be successfully exploited in the marketplace, thereby earning a profit or surplus value. The
content that is the object of scrutiny is the software within the package of goods and services,
since it is treated as a powerful commodity because it generates profits and it is linked to a
brand with impact on our consumption habits.

Facebook and Google are no different in this respect from Apple or Microsoft, except that the
raw material in the case of the new media stalwarts is you, me and everyone else’s personal
data and our private lifestyle with all of the underlying rights. There has been a political
economy of personal information (Gandy 1993), a political economy of communication

24
(Mosco 2009) but there has not been a political economy of privacy. To stop at this juncture
of an exposition on privacy may appear as though we are ready to succumb to the combined
forces of capitalism and consumerism, and the modern form of the uber commodity of
privacy. That is not so. Specifically when it comes to addressing the notion of privacy, it is
argued that we are at the start of a process to better appreciate the combined forces of
aesthetics (as conceptualized by George Simmel) and reflexivity (as informed by Pierre
Bourdieu) as research tools to open up the black box of rights, values, preferences and
interests packaged up as privacy. Reflexivity is described as “every word that can be uttered
about scientific practice can be turned back on the person who utters it (Bourdieu and Nice,
2004: 4)”. Through the study of objective and subjective cultural elements together, it is
becomes a critical examination and understanding of the scale of cultural and political
production in ourselves and others:

Cultural studies in this sense involves an ethic of reciprocity, a mutual practice of

both speaking and listening, which is inextricably tied to taking seriously the
complexity of cultures. It is here that ethics (and politics) converge with method
(Couldry 2000: 5).

For George Simmel, the rise in the importance of aesthetics in a modern society resides in the
strategic role it plays in influencing and preserving identity and the boundaries for social
interaction (Simmel 1917 cited in DeNora 2000: 51). In the crowded environmental
conditions of the modern society, the soul of the modern citizen is under constant pressure
from societal control and increased scrutiny and surveillance. Survival demands the modern
citizen to embrace flexibility and variety, and seek refuge and solace in anonymity and
privacy, not in the sense of seclusion but rather as described by Tia Denora:

The self is called upon to be increasingly agile, to be able to manage perspectival and
circumstantial incongruity, as happens, for example, when individuals move rapidly
through numerous and often discrete worlds where personnel and values may clash
(DeNora 2000: 52).

Ironically, the modern soul’s search for solace and seclusion originally aided by technology
has been subsequently superseded by the very technology creating the virtual spaces and
enabling the development of the online self. If you were a conspiracy theorist, you would
imagine that the seed was sown for netizens to embrace their virtual self, to roam freely, to
create and freely express the self, and once the environment has been established, the so-
called creative industries have expanded their markets into these realms to capture and

25
control the proliferation of the modern soul in the form of the virtual self. At the practical
everyday life, individual actors “not only engage in self-monitoring and self-regulation; they
also seek out such “goods” as space, relaxation, pleasure and so forth” (DeNora 2000: 52),
which Denora describes as aesthetic reflexivity.

In the end, the fusion of the high art of conceptualizing of privacy and the practical realms of
privacy as a cultural “good” being re-imagined and re-constituted as part of everyday life, is
the underlying methodology. It is being tested as the productive consequence of the
computational humanities or social sciences. The study of the nexus between the humanities
or social sciences and digital technology is similarly at stake here, as much as the nexus
between privacy, technology and society. The parallels are there, and it is to situate the
study of privacy in its rightful digital context. There are several writers who have clearly
enunciated and recognized this research direction (Berry, in press, 2010: 28). Berry offers
one of the more plausible outcomes, looking into the future:

That is, of course, not to advocate that the existing methods and practices of computer
science become hegemonic, rather that a humanistic understanding of technology
could be developed…the project of humanity requires urgent thought, and we might
add even more so in relation to the challenge of a computationality that threatens our
understanding of what is required to be identified as human at all. (Berry, in press,
2010: 28)

Therefore, I am using discourse analysis as a research tool to highlight the use of language as
an instrument “to challenge power, to subvert it, to alter distributions of power in the short
and the long term (Wodak and Meyer 2009: 10). In a complex modern society, the use of
language is increasingly important instrument of power because it offers “an analysis of
power effects, of the outcome of power, of what power does to people, groups, and societies,
and of how this impact comes about” (Blommaert 2005: 1). It can make transparent any
structures used to legitimize power relations, and make visible the effects of language to hide
ideological domination, thereby effect change in society.

Part 2: Comparative Analysis

Chapter 6. Discourse Analysis

In this chapter, I will use discourse analysis to examine my interviews with various actors
who are leaders, advocates, professionals and experts in own fields, actively engaged in

26
discourse on privacy (Appendix 1), who are organized into four clusters – (i) MPs, (ii)
activists, (iii) journalists, and (iv) technologists, correlated to key issues - (a) the private and
the public, (a) data and economics, and (c) state and freedom. The aim is to reveal the
underlying positions on these issues in support of the arguments I make in this paper.

As part of the research process, I had chosen thirteen actors for the respective roles they play
as leaders, Members of Parliament, technologists, entrepreneurs, scientists, journalists,
activists or rights campaigners, and so on. Modern life is complex, so these actors tend to
wear several hats in their everyday roles – journalists who are technologists, technologists
who are bloggers, political figures in the private sector, privacy advocates in the government
arena, etc. The aim is to leverage the experience of the interviewees for their firsthand
knowledge of privacy “in action” and to reveal their thinking about individual practices that
have been changed or been transformed by privacy. In this way, we can start to understand
the power of privacy not only in terms of big society of corporations and governments but
also in the context of smaller society, of the individual whose privacy is bound in a tangled
knot with software code.

There are the questions I asked in my interview:

(1) Why is privacy important in the context of digital technology?
(2) Do you think the boundaries are shifting between the public and private?
(3) How can we manage privacy in this new environment, and who is threatening it?
(4) Do you think new laws are required to regulate this space?
(5) What are the most significant changes to privacy over the last 10 – 20 years?
(6) In your experience, how has privacy changed your everyday life?

The Private and The Public

MPs Former Home Secretary, David Blunkett agrees that the boundaries are shifting between
the private and the public. He attributes the shift to the mass participation in the virtual
“society” of social networks, and the acquiescence of individual users to social networks:

So many people over the last twenty years have believed that what they were
transmitting was ‘private’, including on MySpace. Even when they’ve recognized

27
 that it isn’t private, they become blasé about whether it ‘matters’ that it’s not
(Personal interviews, interviewee #1).

In addition, Mr. Blunkett points to the role of technology, including mobile phones and social
networks, in transforming what we thought was private into what is the public:

The private sphere, however, has transferred what was personal intercommunication
into the public sphere. Facebook (and other so called personalised social-networking
sites), together with texting and Twitter, have completely changed the way people
perceive their own privacy, their own activity and information, and the way they
quickly and, often without thinking, transmits this to others (Personal interviews,
interviewee #1).

Lord Allan is a former Liberal Democrat MP and currently Director of Policy at Facebook.
He takes the view that the notions of the private or the public have not shifted; rather the
change is what is technically accessible -

The fact that something is accessible, and again technology is driving access to that
information…doesn’t necessarily mean it is public. And one of those challenges is
how to distinguished between the public and the published (Personal Interviews,
interviewee #2).

Technology does not adapt to granular social settings, even in a social network environment,
and users are left to their own devices. Lord Allan believes individuals and groups will adapt
to these situations over time:

I would argue there needs to be kind of social norms around that, recognizing that
whilst the data is technically accessible the framing and the context of that event is as
a private event, and therefore, an outsider (and in fact this is typically what happens)
could see those photos and comment and join in the discussion of the wedding. But
they don’t and the reason they don’t is, I think there is a kind of understanding of
social norms that when that sort of information is published and shared, it is for that
group of people (Personal Interviews, interviewee #2).

Lord Allan believes some of these norms already exist, others norms will be developed over
time, as we learn to be “curators” of personal data. Just because private data can be accessed,
does not mean we should. Data out of context can be removed, reclaimed or re-authorized -

I think over time people will increasingly curate the stuff that they want out there,
delete other stuff as far as they can and expect other people to ignore the residual
information (Personal interviews, interviewee #2).

28
For many of us, the question of the boundaries, the shifts and flows between the private and
the public, remain largely unanswered. Tom Watson, Labour MP, instinctively believes that
there may be greater tolerance from individuals on what is public or private since we are in a
giant experiment with digital rights and privacy -

I mean people will be more relaxed about more people knowing more things about
you. I don’t think the theory has been proven yet. I just kind of think that there is
going to be so much out there about you, that when this generation of Facebook users
get their embarrassing 17 year-old photographs replayed to them at a job interview at
the age of 25, you will have a generation of personnel managers that have had that
done to them as well, people will just be more relaxed about it. In one sense, it might
actually be kind of liberating that we will just create a more tolerant society (Personal
interviews, interviewee #3).

However, Mr. Watson is clear in his mind that the role of government should not be too
prescriptive, and that the role of the state should be framing this important debate “allowing
the voices to be heard”, because “it is quite hard to know where government intervenes, what
is acceptable, and what is socially acceptable” (Personal interviews, interviewee #3).

Activists. By “activists”, I refer to general sense of bringing about social, political or

economic change, frequently by means of advocacy and sometimes by direct action. For
Becky Hogge, former executive director of the Open Rights Group, an organization
campaigning for digital rights and civil liberties, there is no discernible shift between the
private and the public. She believes that the ordinary person, when on social networks, treats
it as a relatively private space, and she hopes this perception will end up winning the day.
Like Lord Allan, she believes that social norms may prevail -

Even though in a café one can hear someone else talking about their relationship
problems with their best friend, earwig or pitch in to offer their own advice, social
norms will begin to develop hopefully, strengthened by whatever technical measures
we can come up with that work to maintain the idea of a private and a public realm
(Personal interviews, interviewee #10).

She is critical of social networking sites, including Facebook, that perpetuate a deception by
being “very mute on the fact that when you publish stuff on Facebook…you are actually
publishing to the web, which we understood up to now is a public space similar to media”
(Personal interviews, interviewee #10). Publishing of user’s wedding photos on Facebook is
no different from “Hello” magazine publishing wedding photos of the Princess of Sweden.

29
Christine Zaba, an activist with NO2ID the campaigning organization who singularly oppose
the British Identity Card, shares the view that the normal ordinary user has not made the
connection about the extent that Facebook profiles are viewable or accessible beyond a small
group of friends. The inherent contradictions for the private and the public isn’t a simple
question of perceived notions of private, since it is also tied up with ownership -

Hence it is perceived as private, it is not really public because it is owned by

somebody else, who may not be a public body, it may be a private corporation. That
whole area is very complex – it is not simply a public to private or private to public
shift at all. It is about ownership (Personal interviews, interviewee #11).

Similarly, Gus Hosein executive director at Privacy International, a non-profit organization

known for its work to protect and preserve privacy, is strongly opposed to the idea of any
shift in the private and the public. He believes the line between the two is there, and it is
strong. There may be changes but there is no shift –

It is the innovation thing – we are putting our toes in the water to see what can cross
over, and there is also the episodic nature of it all – where for a moment there, I want
to be public, but for a moment, there is half a billion people who want to be public,
but it is only for a moment. The history of Facebook is only 3 – 5 years. My mom
was on Facebook for about a month, and then she disappeared (Personal interviews,
interviewee #9).

For Gus, the problem is the way we talk about these things – the social commentators, the
media and everybody drumming it up to be the next big thing – without any historical view
and with little or no evidence to support these claims – “The Internet is not just Facebook”
(Personal interviews, interviewee #9).

When asked about the shift from the private to the public, William Heath who is equal parts
digital rights activist (chair of Open Rights Group) and Customer Relationship Management
(CRM) entrepreneur, says there has been a public policy shift from 2.5 categories of data
(public data, personal data and anonymized datasets) to two (public data and sensitive data).
Anonymized datasets, the “information that sits between you and others, because you have
touched others essentially”, was assumed to be anonymous after “stripping out the obvious
identifiers” (Personal interviews, interviewee #8). However, the emergence of technologies to
re-identify anonymized datasets, and the rise of companies using such technologies to trade in
re-identified data, has changed things. Mr. Heath provides a specific illustration -

So if somebody has cancer and is brilliantly treated by the NHS, and wishes to share
the medical record for research purposes then that is fine. As long as it is for research
30
 purporses, and it is explicitly permissioned with informed consent. If a
pharmaceutical company asks if it can have access to the same data, it is fine for the
individual to say Yes but I am going to charge you for it. I think that is the way it is
going to go (Personal interviews, interviewee #8).

Mr. Heath is very passionate about this change of heart in public policy terms. He attributes
this shift to the recognition by UK government of the growing resentment from the public on
the practices of data sharing, equivalent to an invasion of the private sphere -

People don’t like to think about the extent of duplication and sharing there is of their
data. When they start to think about it, they feel angry, depressed, overwhelmed…
one woman memorably said that I had given it out [her personal data] and it is
spreading out like an STD [sexually transmitted disease], and other people were
visibly jolted or thrown or feeling quite angry when they were asked to consider what
was happening to their personal data out there (Personal interviews, interviewee #8).

For Mr. Heath, there is a clear shift of the private to the public sphere, and this is causing a
lot of angst for consumers and citizens. He has spotted a niche in the imbalance between the
private sector and the personal data held on individuals -

We are at a funny stage where organizations have spent a generation building systems
on their side, which keep records about individuals. I think individuals don’t have
anything structured to compensate – they don’t have a counterpart – and I think this is
what urgently needs to be restored (Personal interviews, interviewee #8).

Technologists. Richard Clayton is a well-known technologist and researcher at the University

of Cambridge. For him, there is no shifting of the boundaries between the private and public.
He says we now have a culture where we expect privacy, derived from a historical transition
from a 1543 village with little or no privacy to the 18th and 19th century cities where privacy
is a necessary part of modern day living. The biggest threats to privacy is a lack of know-how
as to what is visible online, and ease of behavioral profiling -

To some extent, that [notion of privacy] is being eroded in the digital sphere because
people don’t fully understand what is visible, what they reveal about themselves
inadvertently, and if they did understand that, I think they wouldn’t do so, because we
know have a culture where we expect privacy and if you shut the door or closed the
curtain then what you do is private. And I don’t think people understand how to do
the same sort of thing in cyberspace (Personal interviews, interviewee #8).

31
Joe Bonneau, former crytographic scientist and currently PhD student at the University of
Cambridge, agrees with his colleague Mr. Clayton that it is not about having a public and
private realm. He is in favor of multiple realms and keeping them separate by “control” –

To me, I think of privacy more as giving people the ability to control what
information about themselves or about themselves and other people is shared with
other people. If people want to go to the beach and wear a bathing suit that is very
revealing, it is their choice but there is no aspect of privacy involved if chosen to
reveal that information…Whereas if they are changing clothes in the privacy of their
home and somebody is looking into the window, then you have this strong sense that
their privacy has been violated (Personal interviews, interviewee #6).

Do we have control of when we are moving from the private realm into a public realm, even
for the most savvy of users? Mr. Bonneau is skeptical of the way things are designed today
since software engineers do not consider the private or the public realms –

To the extent that people need to use the Internet, need to use email and probably
need to use social networks, to really stay a member of modern society, there are a lot
of things they have information about. Google is not strongly privacy preserving
search engine; most other companies don’t preserve privacy in a strong way (Personal
interviews, interviewee #6).

Ross Anderson, another well-known technologist who frequently gives expert evidence on
privacy before UK Government Select Committees, has a different take from his colleagues
Mr. Clayton and Mr. Bonneau. He argues that centralization of data has shifted the focus as
to who has the most incentive to access data. He talks about what happened in Scotland:

…they produced something called the Emergency Health Record for all five million
people, and about 80,000 people in the Scottish Health Service was able to access it.
And the first thing that happened, a nosy doctor went and looked up the records of
Gordon Brown…and various celebs and footballers…they caught him and decided
not to prosecute him because it would not be in the public interest (Personal
interviews, interviewee #5).

Mr. Anderson is of the view that Facebook does change the world and in a very radical way.
However, the change in the power of the individual to demand transparency from the state or
the corporation can be a double-edged sword –

It is a huge change and gives power to the individual to find out in terms of
transparency what companies and governments are up to. But it also gives power to
everybody else to find out about you. This was very positive for the individual but
with the move to social networking, the individual is I think disadvantaged. People
are under enormous pressure to use Facebook (Personal interviews, interviewee #5).

32
Steven Murdoch, security researcher and colleague of Mr. Anderson at the University of
Cambridge, agrees that social networking sites are enabling the shift of the private realm into
the public domain, due to the ease of use and convenience of the technology –

…people are giving a lot more information about themselves than they previously
have done so. To one extent, it is because they can. If you want to broadcast how old
you are then it would be strange to do that with your age on your head. Social
networking sites facilitate that a lot…So there are benefits in broadcasting that
information (Personal interviews, interviewee #7).

Journalists. Michael Cross believes that the boundaries have clearly shifted between the
public and private in historical terms –

The boundaries have shifted in the past, and you could argue that possible in some
spheres the pendulum swung too far towards privacy where you get these absurd
examples of data that should be in the public domain should be for community use
being protected because of privacy, maybe public health and crime examples. You
could argue that maybe the pendulum has swung too far in the direction of privacy,
and maybe it is time to start swinging it back (Personal interviews, interviewee #12).

Mr. Cross refers to examples by the state “which applies it in arbitrary ways, in ways in
which there is no comeback from the system, there is no reciprocity”, and by the commercial
sphere where “most customers were being conned, if they knew this was happening, they
would probably say no” (Personal interviews, interviewee #12).

Mr. Cross identifies health records in the UK to further illustrate his point. Historically, the
issue of who owned the patient’s health record was fudged when the National Health Service
(NHS) was founded –
For a long time, it was assumed that the person who held the record was the GP, and
the GP was holding it on behalf of the Secretary of the State for Health. This began to
change in the 1980s and 1990s with the idea of personal data protection rather than
privacy, that people had a right to their own information (Personal interviews,
interviewee #12).

Mr. Cross agrees with Mr. Anderson that the computerization of personal records has created
the possibility of a systematic search, and therefore, being able to find the data means that it
is more likely to be made public, and the summary healthcare record is a good example.

Martin Moore from the Media Standards Trust also agrees that there has been a shift in the
boundaries between public and private, which he attributes to technological advances that has
changed the technical capabilities of recording and publishing content –

33
 …the ease with which one can record, whether it is video record or audio record or
still photograph, and publish to the world, has meant that there are no limits on the
ability of an individual or someone else treating an individual, capturing aspects of
their life and publishing them to the world (Personal interviews, interviewee #13).

Mr. Moore describes the situation as not simply someone else recording and publishing our
lives against our will, but increasingly, we are recording and publicizing ourselves, and that
“makes it tremendously more difficult to establish where the line is between our private lives
and our public lives” (Personal interviews, interviewee #13).

The difficulty…have an awful lot of people who have not necessarily embraced
digital technology, and that who and probably still do have some of the older people
who have wider parameters around what they consider to be their private lives
(Personal interviews, interviewee #13).

Data and Economics

Technologists. Mr. Bonneau identified two data trends responsible for the shift between the
private and the public. Firstly, the increasing amount of data shared –

People are spending more time online, they are using more interactive services online
to interact with friends, their location is provided to services – this is essentially
everything you do online, computers record everything by default (Personal
interviews, interviewee #6).

The second trend is data analysis but some of us are better at doing this than others –

There are companies who have built themselves solely on the problem of looking at
huge data sets. Google is the one everybody knows about but there is an entire
ecosystem of smaller companies that analyze data for specific purposes (Personal
interviews, interviewee #6).

Some describe this as the “data deluge”, commonly associated with a transparent society
where all kinds of data (potentially including private) is shared without limitation –

The analogy that I have heard is data generation is like pollution in the digital world,
just sort of this by-product of everything you do is that you create a data trail that can
be analyzed by everybody. It is a problem that I guess society has to get a handle on,
what are the limits or rules on who can look at what data, just because data is
available does it mean it should always be considered ethical for groups to analyze it
(Personal interviews, interviewee #6).

34
Mr. Clayton refers to the business model of Facebook as dependent on its members revealing
their personal data so that the “lack of privacy is the product”. The economics of the business
is based on generating massive datasets from its membership for sale to advertisers:

The product of Facebook is the people who use it, who they can sell to advertisers and
therefore they need to know more about it. In a rather crass way they have gone about
basically ignoring everyone’s privacy concerns in order to have a better product to
sell to people. The difficulty people face is you can’t get actually very much from
Facebook if you don’t actually tell it anything…The lack of privacy is the product
(Personal interviews, interviewee #3).

There are ethical issues arising from the collection of private data. For Ross Anderson, the
keeping of records affect large minority groups, such as men with criminal records –

…in Britain, something like a third of men have a criminal record by the time they are
thirty. Also in most cases it is for some relatively minor thing…Nonetheless it can
have a very negative effect on employment prospects. In countries like Britain, we
have laws, which say that after a certain period of time depending on the seriousness
of an offence you are allowed to pretend that it never happened and allowed to make
sworn statements that you have no previous convictions. That can of course be
undermine by electronic technology (Personal interviews, interviewee #5).

On the issue of data permanence, Mr. Clayton is skeptical about the claims being made about
digitization and preservation of data –

Although we say it is a permanent future historians may decry the fact that it turned
out to be not very permanent at all. There is a very good argument that we are going
to know more about the Tudors and how they run their palaces than how Tony Blair
ran 10 Downing St because we were just moving into the digital age and as a result of
which almost nothing went on paper everything is sitting on spinning disks and if the
spinning disks are not properly preserved then we will know nothing about what
happened (Personal interviews, interviewee #3).

Furthermore, just because something is digital doesn’t mean it is being preserved –

There is a real distinction between digitizing stuff and preserving it. The Library of
Congress wants to preserve the tweets. If you want to understand the impact of a
particular pop issue or understanding privacy through Big Brother, I doubt you will be
able to view this in 2120…It is a counterpoint to the privacy thing. Today, you know
more about your neighbors but in 10 years time, you will know less about them
(Personal interviews, interviewee #3).

35
In his capacity as an entrepreneur and technologist, Mr. Heath is trying to solve the problem
of data and economics for the individual today, where it is not possible to self-verify or self-
authenticate in transactions with any organization. William’s proposal is based on -

…a rich personal data store, can invoke third party authentication or verification of
claims (I have a degree, I have a driving license, I am entitled to live here this is my
name and address, or I am a real person even though this is a pseudonym or the
equivalent in real life of the production of a gas bill, council tax bill that people have
done for years) and the ability to do selective disclosure.” (Personal interviews,
interviewee #8).

The radical component is the “open sourcing” of private data through a community interest
company, snappily entitled MyDex, which is described as -

“a new specific legal form…and it can be entrepreneurial but it is regulated in that it

has to serve a community purpose, and have a formal statement of community
purpose, the bulk of its profits have to go back to serving that community purpose and
it is asset locked (Personal interview, interviewee #8).

Journalists. Ms. Zaba take the view that ownership of private data does not take into account
the issue of human rights –

The Data Protection Act is about employers having your data. This is not about
employers, it is about other things, it needs to be deeper than that. Our data is
ourselves in the “digi-sphere”, and therefore, it needs some legislative protections.
(Personal interviews, interviewees #11)

And she concerned about the violation of human rights associated with personal data –

So the thought of being listed, named and having your ethnicity listed, and then the
mischief that can be done around that by criminals, malicious people, blackmailers,
and so on, is very much more real I think in Europe than in the States…in Britain, in
Europe there is a real fear [of the police state] and that’s why Germany is taking
Google to court (Personal interviews, interviewee #11).

Ms. Zaba also identifies the issue of reputation management as a significant issue because
digital technology has changed the notions of permanence for journalists –

A lot of what I write as a journalist and publish in newspapers on paper is now put in
the electronic sphere. Anyone who says anything about me is also there. That’s the
bigger change really. Because that changes everything about the way people perceive
you, it’s about reputation management (Personal interviews, interviewee #11).

36
She views that the right of the press to expose wrong doing is coming up against massive
invasion of privacy by the press, and there is currently no resolution –

I am not sure I agree there isn’t a public interest case for exposing [Max] Moseley
given that his family were fascist but you know, it is a huge responsibility on the part
of the media to address that thing that is permanent. I think that the media are not
really addressing that in terms of human rights, ethics and responsibility (Personal
interviews, interviewee #11).

Mr. Cross has a different view on data, economics and privacy –

My personal opinion is that privacy is maybe less of a fundamental human right; it is

more of a contingent right. The importance of technology is that it makes us think
about this, it makes us consider what is the private sphere and what is the public
sphere in a way that we haven’t before (Personal interviews, interviewee #12)

His view is that privacy is not a total good, and it comes with a price. He appreciates why we
should default on the side of protecting privacy but he argues to consider the option of putting
the burden on the state and the private corporation to make the case for sharing it –

…the Free Our Data Campaign which we ran through the Guardian and we have
largely won on the principle on the idea that government data should be available for
re-use. At the beginning, we said this should not be about personal data, it should be
about meteorological or geographical data. But you then get some situations where
you wonder if there is a divide or a blur between the two (Personal interviews,
interviewee #12).

Mr. Cross believes crime situations and death are public events. Mr. Cross also relies on the
argument of the “total information society” to argue for transparency in society –

Obviously we have a total information society, we are generating information about

ourselves in a process-able form all the time…there is no question it is a new
environment though possibly it is one that affects some types of people more than
others (Personal interviews, interviewee #12).

Activists. For Mr. Hosein, the issue about data and economics is figuring out “what do we
hold on to and what do we let go off” (Personal interviews, interviewee #9) –

I don’t think society wants to be Borg-like. I think that people do want to hold on to
human values and human rights. It is just that the pace of technological change does
not necessarily acknowledge it all of the time. That’s why you need groups like mine
[Privacy International] to feed into that development process (Personal interviews,
interviewee #9).

37
There is a certain sense of frustration with technology not meeting the expectations of people
who would prefer more privacy, more granularity in how and what they share –

…privacy is a constant frustration – not with privacy as a concept in itself…just

having to decide with this specter of permanence and inability to gradate or establish
thresholds. I want to be free, I want to be able to speak loudly and communicate; I am
just annoyed that the mechanisms we have today don’t let me do it the way I want to
(Personal interviews, interviewee #9).

Ms. Hogge observes that even as digital technology is making some things easier (such as
querying for data), it is also complicating our lives in other ways -

Digital technology complicates privacy because in the analog age…both paper and
people have a way to forget..With digital technology, you can have perpetual storage
of almost everything that you would intend to store…because the costs of memory
begins to be cheaper than erasing disks and reusing them…(Personal interviews,
interviewee #9).

Ms. Hogge can appreciate how data transparency may be a good thing in politics –
…I think that as we get a generation of politicians who will have their past totally
disclosed, that we might start being more honest that we are all fallible and yes we
should hold our public servants to account if they are misallocating resources…but if
they are sleeping with someone when they are married to someone else, of if they are
actually homosexual when they have never come out, who gives a damn. That is not
what the job is, and at the end of the day, we are all in beta, and we should be allowed
to make mistakes and learn from our mistakes (Personal interviews, interviewee #9).

As an activist, Mr. Anderson takes the view that the centralization of data will exacerbate the
problems of data profiling due to what he calls “security economics” –

…there are proposals now to move Britain’s medical records onto central databases.
And if this happens the game changes. Because the police are not going to a lady in
their fifties, who is a gynecologist and whose patient privacy and business model are
all directly under threat by this request, they are simply going to a 24 year old shift
supervisor at British Telecoms who runs a database. This is about security economics
and who has the most incentive to find it (Personal interviews, interviewee #9).

As an activist, Mr. Clayton agrees with Ms. Hogge and Mr. Anderson about “false positives”
created by data and there is a cost to society that is not often considered –

Tesco… said “Dear Mr. Clayton, as a vegetarian…” but I am not a vegetarian….I just
don’t happen to buy any meat at Tesco. So I was really cross that Tesco was accusing
me of being a vegetarian. Data jumps to a conclusion as they are usually correct. [In
this case] Tesco made a deduction and the deduction is incorrect. Why should people
make deductiosn about your online behavior? (Personal interviews, interviewee #5).

38
MPs. Mr. Blunkett takes the view that we need to better understand technology’s impact on
data sharing in particular, the dangers presented and the safeguards –

The sophistication of our modern society, the necessity of ever more sophisticated
datasets, the requirement in the modern era for information, and the imperative for
easy access and transport of such data, have all changed dramatically. The one area
where we still need to understand better the safeguards required (and where the
greatest fear exists) is data sharing. This is clearly something where some change…in
the law is required, but where Parliament has found it extremely difficult to legislate
satisfactorily (Personal interviews, interviewee #1).

For Mr. Watson, the issue with data is a permanent footprint –

I think as a society we are stil working out notions of privacy, and taboos and social
acceptability in a digital age as people’s lives unfold on the Net. We still got to test
those things out but one thing where I think we need to get to a point where citizens
own or possess their own data. And that is not easy. When people die, who owns
their web pages? (Personal interviews, interviewee #3).
Mr. Watson takes the view that the line may have been crossed with data harvesting -

I guess the threat now is people harvesting data for commercial use, in the sense that
they passed the line on what people think is right or wrong. You only need to look at
Facebook – when Facebook changed their private settings and their consumers don’t
buy into it, there is an explosion. But this is all about people testing the waters
(Personal interviews, interviewee #3).

Mr. Watson also believes in transparency about the government’s data sharing practices –

…government should publish in a single place a data sharing register – that means
every piece of transaction is shared, every piece of data it transacts with itself is out in
the public domain for public scrutiny, so government can lead by example and use its
leverage to set the example (Personal interviews, interviewee #3).

State and freedom

Journalists. Ms. Zaba takes the view that digital technology has a direct impact on freedom –

Because digital technology keeps a record of everything, and therefore, if everything

is known about people, then they no longer have freedom and it narrows down
people’s choices (Personal interviews, interviewee #11).

Ms. Zaba says that digital technology is being used to manage old ideas “the same idea of
numbering and cataloguing people…is not a new idea – the census was in the 19th century – it
has been going for 200 years (Personal interviews, interviewee #11) but who is the enemy –

39
 Anyone who looks – I don’t know – it is a good question. I don’t think it is big
brother as much as Kafka. It is the bureaucracy itself, the bureaucratic machine…The
police hate Facebook because they are always getting people who are bullied and
stalked and harassed on Facebook. It is already happening but it is not happening to
the extent that it could or may happen. And there is still a chance to stop it, I think
(Personal interviews, interviewee #11).

Mr. Cross believes there needs to be more understanding about the spectrum shared by
traditional privacy and freedom of information –

There is absolutely a private sphere, which is what goes on inside your head that is
private. There is the Article 8 sphere, family life, which is the household privacy but
that is not absolute. The state has the right to break down the door if they think there
is something going on. And then there is the stuff that is out there for all (Personal
interviews, interviewee #12).

Mr. Moore identifies “who has control over which space of information” as a central issue for
journalists and the provides the following example to illustrate the problem –

We see that when you hear stories of young people committing suicide – it is called a
digital death’s knock. The journalist has to go in and grab things from their Facebook
profile, to go into tribute sites and to take quotes and other things from tribute sites.
Those are questions, which are very central to aspects of journalism and certainly, not
resolved yet (Personal interviews, interviewee #13).

Activists. Mr. Hosein takes the view that technology doesn’t have the kind of impact on
privacy that we are led to believe in the press, etc –

I think privacy and autonomy have a stronger link that most other rights….I find it
highly offensive when a company tries to say society has changed because of what we
are doing, and then all of a sudden, government ministers say society has changes so
we can do as we please (Personal interviews, interviewee #9).

Ms. Hogge said that the United Kingdom is “the most ‘surveilled’ country in the world” and
the consequences of this condition are not clearly understood –

…the fact is that if I was on any kind of state benefit, then any number of council
workers could have access to my current address, and it would just take one payment
to a corrupt council officer for whoever was pursuing me to find that data. Then if you
want to pursue the fantasy of a sort of an intolerant regime coming into power, all
sorts of minority groups from women who chosen to have abortion, to homosexuals or
Jewish or any religious minority (Personal interviews, interviewee #10).

40
Ms. Hogge identifies behavioral advertising as a specific area of concern that has not been
addressed because the government doesn’t really understand the consequences of surveillance
in the UK society –
The reason why the law has been so ineffective is because it hasn’t dovetailed with
the political agenda, and the political agenda has been about data is power – it is
almost 1.0 response to digital technology – it is very naïve, you can see why it
happened in this country (Personal interviews, interviewee #10).

She is concerned the state in holding massive amounts of data on the citizen –

But it does worry me when I hear about places that I would say, on the spectrum of
democracy that is quite low maybe China, starting a country wide genetics database.
Because you think that information is too powerful for the state to hold, and
especially when the state can’t be held accountable for its actions (Personal
interviews, interviewee #10).

She is also concerned this information can be easily taken out of context, including the
problem of seeing patterns where patterns don’t exist i.e. false positives –

It is the Cardinal Richelieu thing, it is the potential for just one piece of that dataset to
be taken out of context to incriminate you at some point in the future…and obviously,
troubling to a lot of people…[the] phenomenon called apophenia…making
assumptions about people that is not only taken out of context but assumptions that
have no basis in reality at all. When you see human rights and civil rights activists get
very upset about privacy in a digital age, it is that sort of practice that they are
concerned about (Personal interviews, interviewee #10).

As an activist, Ms. Zaba takes a historical view of the role of technology and freedom –

It is not a new idea – the census was in the 19th century – it has been going for 200
years. I think it is a consequence of the industrial revolution where large
constituencies of people have moved around the place and the state wants to keep an
eye on them, tell them what to do…I think the numbering of huge quantities of people
and the cataloging of them is an aspect of the modern age. So the new technology is
being applied to the mission (Personal interviews, interviewee #11).

Technologists. Mr. Heath believes that there is an issue with many of the state created and
controlled identity architecture as the “permissioning hub” of everything we do in our lives,
which he believes should not be a role for the conventional for-profit business or for the state
but there is a niche to be filled by the notion of “community interest” –

My concern after 20 years of looking at government was that all the IT that they were
doing were going in one direction – it was all about centralizing, sort of
disempowering the individual, taking down barriers to data sharing, and there was this
41
 fallacy that they could create some sort of deep truth about the individual by sharing
all the intrusive and also inaccurate datasets they had across dozens of government
departments (Personal interviews, interviewee #8).

Mr. Bonneau is concerned about an asymmetrically transparent world, that can create
inequalities in society and imbalances of power –

…I don’t hear people talk about enough is a world where the world is transparent to
some groups who have the power to analyze it, and to deal with the huge amounts of
data, and to most people, they don’t have that advantage. It is a sort of an asymmetric
transparent society…A lot of privacy advocates if you drill down they are more…
concerned about systems where governments have access to data that other people
don’t have (Personal interviews, interviewee #6).

Mr. Bonneau is also concerned about an asymmetrically transparent world, that can create
inequalities in society and imbalances of power –

…I don’t hear people talk about enough is a world where the world is transparent to
some groups who have the power to analyze it, and to deal with the huge amounts of
data, and to most people, they don’t have that advantage. It is a sort of an asymmetric
transparent society…A lot of privacy advocates if you drill down they are more…
concerned about systems where governments have access to data that other people
don’t have (Personal interviews, interviewee #6).

There are risks yet to be contemplated based on the state’s interface with social networks –

The most popular social networks are country specific and they have a very cosy
relationship with government…[cites examples in China and Iran]…So I think that in
the future, it is possible that the government will directly run the social network
service and directly spy on the people and ‘surveil’ people directly without having to
go through some channel (Personal interviews, interviewee #6).

There is available software to prevent detection when you are on the Internet, and Mr.
Murdoch who works on the TOR project explains what it is -

TOR allows you to access website, which are prevented from you going to directly
because of government censorship…it hides what website you are going to and
therefore, someone who is monitoring you can’t say you are going to this banned
website….protect you from being monitored so if you know going to this website is
being disapproved of by your government you can still do it and have a reasonable
degree of safety believing that you won’t be able to be discovered later on (Personal
interviews, interviewee #7).

MPs. Mr. Blunkett shares how as a public figure he is affected by digital technology –

I now presume that wherever I am, wherever I’m speaking…someone, somewhere

will be recording this audibly and visually on their iPhone or other equivalent. As
42
 someone in the public eye, I have no privacy outside the four walls of my own home
and those of my immediate family and trusted friends. I have had my life interfered
with by media – including attempts to access my medical records, substantial 24-hour
surveillance using new technology, and possibly the tapping of the telephone of my
friends (but as far as I’m aware at the time of responding, not of my own mobile
phone). All my information relating to my income or public activities of any kind, are
now registered and open to surveillance (including online for everything that I claim
from the public purse). So having my medical records digitalised, and having
voluntarily giving my fingerprints as part of second generation biometrics (until
cancelled until the autumn on 2010), have no fear for me given what else is being
intruded upon, sought or publicised (Personal interviews, interviewee #1).

Mr. Watson shares how his life as a public figure is impacted by digital technology –

Well, mine is not really about data. I crossed the line from being a private citizen to a
sort of public figure 10 years ago, which a lot of journalists think gives them the right
to knock on my door on a Saturday morning and ask my wife why I have done x, y or
z…I have had huge intrusions into my personal life but that is not dictated by
technological change (Personal interviews, interviewee #2).

Lord Allan shares his view on “going public” –

I started off instinctively uncomfortable about sharing information…now I am,

through experimentation…starting to understand that there is a real value in a
reciprocal relationship where I know things about you, and you know things about
me. About what it is we should share, and what is it we shouldn’t share but the notion
that the sharing itself is good I think is the bit that is interesting and most surprising
(Personal interviews, interviewee #2).
Recounting a conversation he had with a contestant of “Big Brother”, Lord Allan said -
She said that the weirdest thing is when I meet someone, they know everything about
me and I know nothing about them. It is a really unequal relationship…through our
web identities, even just Googling somebody, when I meet you we can each know
quite a lot about each other, but it is much more reciprocal than, more equal and that
is good (Personal interviews, interviewee #2).

43
Chapter 7: Comparative Analysis
In this chapter, I will compare and contrast of the cluster groups in Chapter 6 in the context of
the three issue groups, namely, (a) the private and public, (b) data and economics, and (c) the
state and freedom, by comparing and contrasting the different views. I will do this to support
arguments to answer questions posed at the outset.

The Private and the Public – is there a shift?

Are social networks responsible for causing a shift from the private to the public? Out of the
thirteen interviewees, Mr. Blunkett and Mr. Cross agreed there was a shift from the private to
the public, six interviewees answered in an unqualified way that there was no shift, four
interviewees gave a qualified reason for the shift, and Mr. Watson said it is yet to be
answered. The discourse offered up by Mr. Blunkett is a popular theme associated with the
idea of a transparent society (Brin 1998), discussed in Chapter 3 earlier. In this view, the
power of technology coupled with user behavior is the combined force that is changing
society, and it comes with an air of inevitability. Why resist?

Out of the four interviewees who provided a qualified answer that there was a shift, Mr.
Anderson, Mr. Murdoch and Mr. Moore all agree that it is technology that is behind the shift,
whether it is centralization of data (Mr. Anderson), the ease of use and convenience of
technology (Mr. Murdoch) or the technical capability of instant recording and publishing
(Mr. Moore). This is alluding to the power of technology to create the perception that there is
a shift of our private lives into the public domain, which is very different from whether there
is an actual shift in reality. In Chapter 2, I referenced various works to explain the affective
power of discourse and the use of language in conjuring an image of contemporary society,
based on the imaginary “information society” (May 2002), which was then made “real” by
government policy and corporate or management thinking (Berry 2008). Here, I make the
same argument that what is happening is an “imaginary” discourse of the shift from the
private to the public is being created by general discourse on the social network phenomenon.
For this reason, I argue that there is no discernible shift from the private to the public, and
this is supported by the interviews as a whole, for three primary reasons.

44
Firstly, the social network users are at best naïve in thinking that they are in a private realm,
or at worst persuaded by the ease of use and convenience of technology and deceived by a
lack of transparency. The truth probably lies somewhere in-between, exemplified by a
generation of enthusiasts sharing Mark Zuckerberg’s willingness to experiment, to be part of
a disruptive environment and to share their lives in their playground of choice. Secondly, the
mass media is objectifying the imaginary perception of the private/public shift to grab at
headlines that “privacy is dead” or “privacy is lost”. Objectification is another aspect of the
power and knowledge relationship (Gandy 1993: 9). This increases the hype surrounding
Facebook and social networks in general, increasing “eyeballs”, membership, and advertising
revenue. To make a clear definitive statement about privacy runs contrary to the economic
and business model of Facebook. It makes itself an easy and willing target for the mass
media, since “the lack of privacy is the product” and it is the monetization of the lack of
privacy that is driving investor interest. Corporate social responsibility or ethical behavior do
not factor highly on the agenda of disruptive social media start-ups. Thirdly, the deception
perpetrated on the masses has the effect of obfuscating the key issue in rational-critical debate
– the true nature of the political economy of companies using online monitoring technology
and the complicity of the advertising business in monitoring consumers and citizens.
Popularizing the trivial effects of the social marketing phenomenon has been highly effective
in concealing questions such – what price do we (citizen and consumer) pay for giving away
privacy; and what price is extracted by corporations and the state in exploiting the outcome?

In Chapter 3, based on the review of selected literature, I concluded that the discourse in
academia is unnecessarily restricted to harmful effects of privacy in society. Any proposed
solutions are confined to “compliance” i.e. technical effects to be remedied, and relying on
information privacy for the bright lines to be drawn between the public and private. I argue
that there is an institutional bias in a capitalist society to de-humanize private information as
a commodity. In the higher risk sectors of the private industry, greater liberties can be taken
with private information reduced to the form of computational bytes. By attaching the label
of “personal data” or “personally identifiable information” to the private information of a
citizen or consumer, the person is de-contextualized and de-personalized (Nissenbaum 2010).
This is a deception perpetrated by the mass media, by the high-risk behavior of start-ups, or
by pure arrogance of more established players in the social networking environment where a
higher risk is tolerated.

Mr. Blunkett points out that the individual user has to take some responsibility:

45
 …there are a whole range of areas where people give information readily without
thinking through the implications [referring to loyalty cards, credit and debit cards
tied in with the tracking of lifestyle choices, of movement and of income, which are]
readily and easily obtained (and given) (Personal interviews, interviewee #1).

Lord Allan sees the social networking business model, as “the price of admission to a
particular technology or a particular environment on the Net, is the sharing of a certain
amount of information.” The tension between the business model and the user’s privacy is
underpinned by a fair and transparent exchange. Facebook is writing the rules in a global
social experiment, so it begs the question posed by Mr. Blunkett – can we trust them?

Can we trust the private sector with the private sphere? There is a gap between perception of
the privacy you may have, and the reality of the privacy you should have. In private sector
lingo, this is the “trust” given by consumers to the makers and purveyors of technology, and
it is an exceptionally powerful tool. Branding, best practices (such as industry certifications,
ISO standards, etc) and public relations campaigns help to reinforce and maintain the banks
of “trust” reserves held by corporations and their marketing machines. As industry practice,
it cannot be extended to social networking because it is inherently misleading, it exploits
mass complacency about social networks, and it forms the basis for new ways to misuse
personal data beyond the original purpose, explains Mr. Clayton:

Basically, it is clear that a lot of marketing people don’t understand the concerns
about privacy, and I think that aspects of privacy stop people using systems, which
they might enjoy using, or have some benefits for them because they are concerned
about the privacy aspects. I fear that most of the time it is the other way around and
people just carry on using them without paying any attention to privacy aspects. We
are beginning to see some sorts of examples, which is recruiters looking at people’s
Facebook pages form an opinion about them (Personal interviews, interviewee #4).

To rely on individual users to self-regulate in social networks is an unsatisfactory solution,

and it only serves to perpetuate the deception further. Individual users should be given the
choice to decide if they want to give up their privacy, how much and for the purposes stated
upfront as part of the social networking experiment. To test new features, or additional
functionality, the user should expect an explicit opt-in request.

There are many privacy concerns in software engineering on the use of live data (i.e. actual
real world data, not “test data”) for use in beta-testing a new product since “live data” may
contains personally identifiable information of customers that is on a “need to know” basis

46
(Smith 1994: 129) (Turnbull 2009: 216). As the pre-eminent start-up space, with millions of
“live data” participating around the world, why is Facebook allowed to run a massive test
using its participants? This is not only a technical question but also a moral, philosophical,
ethical and political question. How different are the members of Facebook from the
participants of a DNA genetics experiment? Both uses live data, both involve humans as the
“lab rats” for testing but one requires opt-in consent while the other does not.

Data and economics – the price of our privacy

Are we experimenting with our privacy? The combination of ease of use and convenience are
critical features of technology products and services – the more convenient and easy to use,
the greater the adoption and uptake. It is simple and easy to share our photographs with our
friends and family, through Flickr or Facebook. Google Search makes it simple and easy to
conduct an informal background search on potential employees. Little pieces of information
about us, what we considered to be private because we thought that we had control, are
gradually becoming more accessible to a wider audience. By making it easier to publish,
share and disseminate our own information, we are making it more convenient for others to
access the same information. What we are experiencing is the shift in perception of what we
thought was private being moved into the public space (and the degree to which it happens)
as a result of the convenience of technology. This change is interesting because there is a
broad spectrum of our social interactions that are governed by norms and conventions as to
who can see what and for what purpose, but they are decoupled by technology. The burden
rests on the individual to be a willing participant or to be inherently skilled at the social
organization of the virtual and real self. Lord Allan contemplates that over time, we may yet
learn the skills to “curate” the virtual and real self (e.g. online reputation management), so
that “people will increasingly curate the stuff that they want out there, delete other stuff as far
as they can and expect other people to ignore the residual information” (Personal Interviews,
interviewee #2). There are certain underlying assumptions about the practicalities of self-
organization, which present some real challenges to the individuals beyond the limited
purview of Facebook.

Firstly, the task of searching for, and getting access to the relevant information on us online is
not as easy and simple to accomplish. Anyone who has challenged a credit reference rating or
come up against identity theft, can appreciate the frustration of dealing with customer call
centers and the uphill struggle to regain your online reputation once lost, even if it is not your
own doing. Secondly, the evidential standard required to defeat institutional bias against the
47
individual is so overwhelming that most of us give up. The ability to delete information
about us once it is online is generally over-stated, because you have to find the data, then take
steps to irrevocably delete from the multiple servers, storage devices, and copies kept in filing
cabinets, email inboxes, etc. Thirdly, to rely on the generosity of the world out there to
ignore the rest of the data “out there” over emphasizes the ability to determine what and how
much we can ignore, and is therefore quite a leap of faith. We should bear in mind Arendt’s
critique of the rise of the “social” in the form of capitalism and the nation state imposing the
economic unit of the family as “collective housekeeping” (Arendt 1958: 28). When freedom
is tied to “housekeeping” as a form of labour, it becomes a basic human necessity. The raw
materials of labour in this case are private information, and “collective data-keeping” leads to
the domination of the private sphere by corporation and states interests.

The three elements described above are commonly put under the banner of “control”. The
ability to control our own information once it is out there is the subject of considerable
research and debate, and it is a problem that is reaching a breaking point. The use of default
privacy settings is an example of bad industry practice. By signing up and using Facebook,
or Google, you are by default agreeing to a sequential set of transactions where your personal
data is in their hands, to be used, reused, shared, data-mined, etc. By default, the user hands
over control of their personal data. In this type of relationship, the user is under the
impression that he can control the flow of personal data, through the use of privacy settings
or preferences. It is a set menu of pre-determined outcomes designed to ensure minimal
interference on the part of user. It does not enable you to choose who should see what data
and for what purpose, for example, there is no option to opt-out of personal data being shared
to life insurance companies, and generally, there is no option to opt-out of Facebook or
Google making a profit from personal data being shared with third parties. The standard is
“all or nothing” is taken from traditional media business models, and traditional CRM tactics
to entice – it is unethical marketing akin to a venus fly trap, to lock you into a walled garden.
Nevertheless, marketing and public policy messages convey to the user they have control.

Locking-in. Several years ago, Facebook changed its terms of service unilaterally, to make it
more difficult for users control their wall posts and photos or delete their history. The users of
Facebook signed a petition against the new terms of service forcing Facebook to back down
and give assurances to users that they own their own posts (Rotenberg 2009). For the users,
it was about ownership and control, for Facebook, it was about monetizing users posts. Marc

48
Rotenberg of the US based Electronic Privacy Information Center (EPIC) evaluates this
predicament as a product of modern-day privacy that is –

…about digital identity, the control of personal information, and the brewing battle
between what we post and its commercial value (Rotenberg 2009).

If the Facebook user is the commodity that is being sold to the highest bidding advertiser,
shouldn’t users have some say in this process? For mere participation in a social networking
website, the price we pay tomorrow is increasingly straying into unknown experimental
territory. It is difficult to gauge upfront how much the user is prepared to give away on the
site today, let alone in the nearby or distant future. The baseline is not to exceed the original
intent and purpose of data collected from, or provided by, the individual. In the Facebook’s
burgeoning relationship with advertisers, the more data they can provide, the better, and as
the fiscal incentives are entrenched into the system, is it simply too irresistible? The use of
“like” buttons next to specific adverts on the site encourages users –

…to volunteer their tastes and preferences and then develop more comprehensive
psychographic profiles on its members (Stone 2010).

Facebook has recently added a new feature to allow users to “check-in” at a disclosed locale
and tag the friends who are with you. This virtual marker, of who you are, where, who you
are with, what you and they like, for advertisers is a powerful proposition (Daily Mail 2010).
Still the question remains – at what point do users agree to a change of use? At what point
can a user say stop before it gets too far? At what point is the user asked by Facebook if this
is ok? This is the problem of “scope creep” in the social networking space, and the concerns
are significant enough to prompt the EPIC to file a complaint with the Federal Trade
Commission (Gohring 2010). The EPIC argument goes something like this – Facebook is
perpetrating a deception on their users, and its business practices are unfair because –

Facebook disclosed users’ personal information to Microsoft, Yelp, and Pandora

without first obtaining users’ consent; Facebook disclosed users’ information –
including details concerning employment history, education, location, hometown, film
preferences, music preferences, and reading preferences – to which users previously
restricted access; and Facebook disclosed information to the public enve when users
elect to make that information available to friends only13.

13 The EPIC complaint can be downloaded from this link -

http://epic.org/privacy/facebook/EPIC_FTC_FB_Complaint.pdf.
49
EPIC is able to file such a complaint because a right to privacy is recognized under the US
constitution and common law. It is linked to other basic rights such as, employment,
insurance, credit, medical services and due process. This complaint comes hot on the heels of
the $9.5 million settlement of a class action against the “beacon” program used to monitor
and publish what Facebook users were buying or renting from Blockbuster, etc without
permission. Facebook was also in breach of Federal wiretap and video rental privacy laws. In
the FTC settlement, Facebook denied all wrongdoing (Kravets 2010).

If this is not a new environment, what are we dealing with? Mr. Hosein, Executive Director at
Privacy International, rejects the idea of a new environment for privacy created by social
networking sites. He identifies new challenges with social networks, but it is not a new world
order. He believes in smart design -

There is a commercial interest and they are trying to do their best within that
commercial interest. But it doesn’t mean that either you have privacy or you have
commercial interest. You can still design things smartly – I would like to point to
companies who have done that, who are still successful by putting security in their
systems. This entire discussion could have been about information security (Personal
interviews, interviewee #9).

If Gus is right, then there may be a lot of bad designers out there. Twitter and Foursquare,
two other well-known start-ups, have also found themselves in a similar predicament:
• Twitter is finding itself in a similar situation. The FTC has recently reached a
settlement with Twitter for two incidents where hackers obtained unauthorized
administrative control of Twitter, and accessed private user information and private
“tweets”. The hackers also sent out phony tweets from user accounts including that of
President-elect Barack Obama (FTC 2010).

• Foursquare was the latest social networking start-up that is coming under scrutiny. A
“white hat” (i.e. a good hacker) found a privacy leak that allowed the profiles of
hundreds of member on the site to be seen by anyone, even if they had restricted
privacy settings (Singel 2010). The breach was published on the Net.
But it isn’t only the start-ups, the fairly well-established and traditional computer software
companies are also implicated – two examples:
• Microsoft issued a pre-emptive statement about a glitch that allowed some users of
hotmail to be shown other users inboxes when attempting to access email through
their mobile phone (Bright 2010).

• Apple’s 3G version of the iPad potentially exposed the emails and a unique identifier
known as ICC-ID numbers that could reveal user locations of 114,000 AT&T
customers (Mahaffey 2010). The news coverage related to Apple and Microsoft
privacy breaches were subdued by comparison to Google or Twitter.

50
Google is probably the most frequently criticized company for privacy incursions. The long
list of complainants and complaints is quite remarkable14, relating to:
• Google’s Buzz application has been the subject of a class action claim by Buzz users
who found their contact lists were exposed to other users without their permission on
the launch of the Google’s new social networking endeavor (Erfati 2010) .

• In Europe, Google is being investigated by regulators in several markets for payload

data sent over the network by users – including emails, video, audio and VoIP
information – that was collected by the Street View application (EurActiv 2010).

• BBC reported on a research report finding that Google Android apps are sharing data
on the reliance of blanket permissions given by a user at the outset, but then did not
do enough to inform users what was going to be done with that data or who it would
be shared with (BBC 2010).

How did Google respond to the criticism of its privacy practices from the leading data
protection commissioners? A letter from Google’s privacy counsels (Jane Horvath and Peter
Fleischer) to the data commissioners dated 7 May 2010 made an unconvincing re-
commitment to Google’s pre-existing privacy principles, and directed all concerned including
their own customers to the Google Privacy Center, the Google Dashboard and the Data
Liberation project in the interests of transparency, greater user empowerment and choice15.
The Privacy Commissioner in Australia subsequently decided that the collection of payload
data by the Street View cars from Wi-Fi networks was illegal16. Alan Eustace, Senior VP,
Engineering and Research, Google gave a more conciliatory apology for the “mistake”.

The explanation given by Google - “we had mistakenly included code in our software that
collected samples of payload data from Wi-Fi networks17”. The blame seems to fall squarely
on the untested or unsuspecting code that sneaked into the Street View cars. Google doesn’t
want to get into the details as to why software code was included in the software for Street
View cars. The incident was serious enough to prompt Eric Schmidt to defend Google’s
privacy record on the basis that there was no harm caused from the incident. Does it mean it
is legal and ethically acceptable to incorporate any software code into privacy invasive
scenarios as long as it doesn’t do any harm? The software code in question is packet sniffing
technology, not much different from technology employed by Phorm in the trials of Webwise

14 Google rapped over privacy issues by 10 nations - http://news.bbc.co.uk/1/hi/8632517.stm ; Critics strike at Google’s
new “All-It-Can-Eat” privacy policy - http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=136992;
EPIC letter to Google - http://www.priv.gc.ca/media/nr-c/2010/let_100420_e.cfm
15 Google’s full response to the Data Protection Commissioners in Europe can be viewed at
http://www.scribd.com/full/31056661?access_key=key-np9r7ignhiwjhw2x2i2.
16 Australian Privacy Commissioner obtains privacy undertakings from Google http://www.privacy.gov.au/materials/a-z?
fullsummary=7103
17 WiFi data collection: An update http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html
51
software for British Telecom18. It is the same monitoring technology used by ACS: Law to
determine what IP addresses are being used for file sharing. These are the modern day tools
in a surveillance society according to former Information Commissioner, Richard Thomas -

…are we moving towards some sort of surveillance society, where technology is

extensively and routinely used to track and record our activities and our movements?
We would say, yes, there is a growth in such activity; and therefore there is a need for
the public to be aware of what is going on; there is a need for a rigorous debate,
particularly where these techniques are not obvious – they are invisible, or people are
not aware of what is going on. We need to move towards some sort of political
consensus as to where the lines should be drawn; what safeguards are needed, and
how they should be applied in practice (Home Affairs Committee 2008: 1).

The State and Freedom – A matter of surveillance in society

For those who choose a life in politics, the distinction between the public and private spheres
is an important consideration for their roles as appointed guardians of a democratic political
process aimed at public decision-making on important issues, including “life, liberty and
property” (Locke 2009: 110)19. Why would people part with their freedom and subject
themselves to a greater power? The answer “…there are good reasons for people to enter
society with like-minded individuals for the mutual preservation of their lives, liberties and
properties” (Locke 2009: 110). I argue that social networks are the technological portals by
which we “enter” the virtual society in the United Kingdom.
How much of the private sphere should be entrusted to the government? Richard Thomas,
former Information Commissioner, giving evidence to the House of Commons, Home Affairs
Committee, Fifth Report of Session 2007-08 (Vol II) entitled “A Surveillance Society?” on 1
May 2007 before Mr. John Denham (Chairman), he referred to the surveillance society, not
as a paranoid reaction to ages gone past, rather part of a British democratic tradition:

Going back to George Orwell and perhaps even earlier, it is easy to build up a picture,
which can be interpreted by some people as being paranoid or unduly concerned. I am
very keen indeed that we should not do that. The report that we commissioned did
paint a fairly comprehensive picture. I think it is a very worthwhile contribution to a
debate… (Home Affairs Committee: 418).

He was referring to a real and present risk to modern society today:

18 Richard Clayton reviewed the Phorm “Webwise” system, at their request, and found “Overall, I learnt nothing about the
Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the
Regulation of Investigatory Powers Act 2000.” He criticized Phorm for conveniently mixing up privacy and data protection.
19 This is a modern English translation of John Locke’s 1690 book “Two Treatises on Government” where he sets out “the
real social origins, functions and limits of government” and establishes that the only legitimate form of government is based
on the consent of the people and the commitment to uphold fundamental human rights to “life, liberty and property”.
52
 I talked about some of the risks to society, particularly where computers without
human intervention are classifying, are sorting information or processing information.
The risks I think are can be very real and some of those are spelt out in the report
(Home Affairs Committee: 418).

He cites the controversial example of the DNA database the police have access to, but there
has not been much parliamentary debate, the ICO was not consulted:

…where a significant proportion of the entire population has their DNA on that data
and there are clearly benefits, and there are clearly risks there…the proportion of
young, black males having their DNA on that database is 40% of all young, black
males now…(Home Affairs Committee: 418).

Mr. Blunkett put the British national identity (ID) card on the political agenda in 2002, linked
to the National Identity Register (NIR), a supra database of private information on everyone
lawfully resident in the UK (Whitley 2008: 419). The British ID card met with civil
resistance from NO2ID20, and it was a political issue at the recent elections. The Tory-Liberal
Democrats government later scrapped the British ID card scheme21. Mr. Blunkett is critical
of the bias against the state machinery. “There seems to be a presumption that if it is carried
out by government then we should be ultra-wary – and we should – but if its private then it’s
fine!” Mr. Blunkett argues that the vast amount of data held by the state on the citizen has not
changed, but what has changed is:
…what was formerly more fragmented and more difficult to get at (particularly
without being observed) is not at risk because of the liability to make mistakes and the
ability to intrude is greater because of technology (Personal interviews, interviewee
#1).

He puts the blame sorely at the feet of the privacy advocates who have “made the State the
villain of the piece, rather than the user of the digital age in doing what it was previously
doing through paper based or analogue technology” (Personal interviews, interviewee #1).

What is the role of the state when the private sphere is breached? In Sept 2010, the private
information of thousands of broadband customers accused of digital piracy were leaked onto
the Internet after the website of a law firm (ACS: Law) was subjected to a denial-of-service
(DOS) attack by cyber anti-piracy activists. The spillage of names, emails, addresses and
confidential communications revealed the bullying tactics adopted by ACS: Law under the
authority of the Digital Economy Act (Firth 2010). This case marks a historical turning point

20 NO2ID is a single issue group on the threat to liberty and privacy posed by the database state - http://www.no2id.net/
21 ID card scheme will be scrapped with no refund to holders -
http://www.telegraph.co.uk/news/newstopics/politics/7757720/ID-card-scheme-will-be-scrapped-with-no-refund-to-
holders.html
53
for political and moral debate on privacy incursions in the UK, not because of data protection
rules flouted in equal parts by BT, ACS: Law, PlusNet, et al; not because the ICO will come
under public pressure to act decisively to impose penalties, and not because of the public
humiliation for the individuals and corporation alike. We will remember ACS:Law because it
stands out as an invasion of the private home by a “private” police force to regulate internet
content, it is a violation of family life on the back of spurious allegations of file-sharing, it is
the pursuit of profit by corporations where the means will always justify the ends, and the
failure of ISPs to deliver on their basic commitments to protect the privacy of their
customers. The laundry list of stacked-up complaints include –
• Targeting of vulnerable members of society e.g. pensioners, gay and bisexual men22;
• Ethical issues about the conduct of the law firm for employing bullying tactics
(ISPreview 2010);
• Incursion of a person’s privacy at home and their family life, and the role of ISPs in
facilitating the violation of basic human rights (Halliday 2010);
• Questionable use of “bespoke monitoring software” to sniff IP addresses of customers
of broadband suppliers23; and
• Emotional distress caused to families at the receiving end of these legal threats.

Neither the Information Commissioner, nor the Law Society Disciplinary Tribunal can
single-handedly resolve these issues. The next aggressor can be any private sector company,
small, media or large who has the means to conduct surveillance against private citizens, the
fiscal incentives to fund the fish-expedition, and the backing of dubious law for the regulation
of content on the Internet. It’s too convenient to blame it on bad behavior, procedural error or
plain incompetence. Even if the aggrieved customers of the ISPs were to band together to
take their cases to consumer advocacy groups or to the government, what relief can they seek,
when the damage is done? Their best solution is to vote with their feet.

The longer-term solution may be to enact a data breach notification law, with stiff criminal
penalties for conduct unbecoming of a data processor, and as a deterrent to future offenders.
It is a stark reminder that your personal data is owned and controlled by corporations for
profit. It calls into question the ISP’s ability to act as guardians of the people’s private
information. Is it unfair to tarnish the entire private sector under the same brush from this
incident? After all, the solicitor and sole proprietor of ACS: Law, Andrew Crossley, appears

22 “Torrent Freak” exposes several examples of questionable ethical behavior on the part of the law firm accused of
targeting the vulnerable - “a married man explains how he, his wife and his family have been affected by wrongful
allegations that he downloaded gay porn movie ‘Bareback Britain’…” http://torrentfreak.com/acslaw-gay-porn-letters-target-
pensioners-married-men-100925/
23 The FAQ customer website of PlusNet explains the method used to collect evidence of digital piracy - “Copyright
holders and legal firms such as ACS:Law employ the help of third party companies, such as Digiprotect and Logistep, who
use bespoke monitoring software to identify the 'IP addresses' of people connecting to file sharing networks. They
specifically target those uploading content belonging to the copyright holder they're working on behalf of.”
54
to be a rather unsavory legal guardian, following an investigative expose in Wired (Anderson
2010). The tactics he employed was questioned and openly challenged by Lord Lucas and
others24 as far back as January 2010. New media technology, such Google’s search engine
and the Facebook social networking site, has in the past half decade epitomized the changing
power of the individual to find out what companies or governments are up to. The very same
power can also be turned back on the individual for everyone else to find out what you are up
to, and “…with the move to social networks, the individual is I think disadvantaged”
(Personal Interviews, interviewee #5).

Ross Anderson is vocal opponent of the British ID Card, explains the significance of putting
(surveillance) technology before society:

…it is a race to the bottom. People who have got stronger privacy preferences are
basically overruled by social pressure, in that they appear to be odd or weird or
something. Perhaps there is a return to elitism (Personal Interviews, interviewee #5).

Are we mixing the data of the private and the public sphere? One of primary objections to
the National Identity Register is centralization of data effectively shifts the focus from the
individual to the state or corporate, as to who has the most incentive to access data. When
this happens, politicians are “off the hook” from learning to grasp the implications of the
socio-technical environment for the wider society, such as the impact of surveillance
technologies. The FIPR, in giving evidence to the House of Lords, Select Committee on the
Constitution on Surveillance: Citizens and the State (Houses of Lords Select
Committee 2009), highlighted three examples where UK government has chosen to ignore
the significant costs on citizens imposed by the introduction of surveillance technologies,
namely – the National Health Service (NHS) attempts to centralize all medical records, the
DfES plans to share data on children between the NHS, police, school and social work
systems, and the ID database project:

These ventures appear to be driven less by any clear vision of how to improve
services, as by a desired to appear “modern” (and in the case of ID, “tough”). The
current Whitehall status game seems to be “my database is bigger than your database”
(Houses of Lords Select Committee 2009: 404).

24 Crossley’s tactics have outraged Lord Lucas of Crudwell and Dingwall and dates back to January 2010 – see
http://arstechnica.com/tech-policy/news/2010/06/straightforward-legal-blackmail-a-tale-of-p2p-lawyering.ars/
55
The 2009 report called “Database State” commissioned by the Joseph Rowntree Reform
Trust Ltd listed UK databases that are almost certainly illegal under human rights or data
protection law, and recommended for scrapping or substantial redesigning. This includes the
National DNA Database holding approximately 4 million individuals, over half a million who
are innocent (they have not been convicted, reprimanded, given a final warning or cautioned,
and have no proceedings pending against them) – including more than 39,000 children; the
National Identity Register storing biographical information, biometric data and administrative
data linked to the use of an ID Card; ContactPoint, the national index of all children in
England holding biographical and contact information for each child and recording their
relationship with public services, including a note on whether any “sensitive service” is
working with the child; ONSET, the Home Office system gathering information for many
sources and seeks to predict which children will offend in the future; the NHS Detailed Care
Record, holding GP and hospital records in remote servers controlled by the government, but
to which many care providers can add their own comments, Wikipedia-style, without proper
control or accountability (Anderson and Joseph Rowntree Reform Trust 2009: 5).

In these scenarios, the lumping together of private sensitive data in public systems where
technical access is entirely determined on systems, process and people, the risks are located
solely on access differentiation - who has access to what data, how to separate access,
authorization of access, etc. The centralization of personal data is the cause; the effect is
misuse of data or misapplication of one type of data for another purpose. This requires a
highly skilled, and knowledgeable civil service with trained privacy practitioners working
with compliance officers, internal auditors, IT and infrastructure/systems experts to protect
unauthorized access and enable data to flow appropriate, to be used legally and ethically in a
large matrix government organization. This is not within the core capabilities or competency
of civil service bureaucracies today, and it is not on the political agenda in times of cost
cutting and budget justifications.

The surveillance society highlights the disadvantaged and the vulnerable in society, puts them
at most risk, and there is a chilling effect on everyone else in their everyday normal activities.
This is hard to quantify because the transformations are subtle, the shifts in behavior have to
be measured over longer periods and the immediate harm is not apparent without a detailed
study being conducted. This is a discussion about consequences, not effects, of permitting

56
surveillance technology in society without any boundaries, rules, scoping, etc. What are the
hard consequences for Britain, as the country with the most surveillance?

What are the long-term implications for the public sphere? For digital rights campaigners and
privacy activists, I predict that the over-zealous enforcement of the Digital Economy Act by
anti-piracy enforcers and the ensuing public outcry against those hiding behind these bullying
tactics will overtake any reasoned discussion of the debate of the public and the private
presented by the incident. Beyond the media feeding frenzy, this case is highlighting that one
of the long term consequences of monitoring citizens and consumers is the chilling effect on
civic participation, as Becky Hogge know too well because of her own experience as a digital
rights campaigner and former executive director of Open Rights Group (ORG) –

That is one consequence and it could be the erosion of the right to anything, it could
be erosion of free speech, freedom of association similarly. If you are worried with
location technology that you could be tracked in a particular way, if you are taking
part in - already you will see climate change activists leaving their mobile phones at
home so that they are not tracked (Personal interviews, interviewee #10).

There are certain professions such as the civil service where the door is slammed shut
because of any prior involvement with political organizations. Surveillance is about the
power to record and recall but does it mean you cannot change your mind or make a mistake?
There are fears of signing Internet petitions because it will be there later, and it may affect
other life chances in the future.

In the journalistic world, there is a certain irony when it comes to privacy. For journalists,
privacy can be viewed as the opposing force to the fight for greater transparency and
accountability in a new media society. Journalists who seek to make data accessible and
transparent for journalistic endeavors, such as motor vehicle registration numbers, individual
tax records and other records come up against privacy as a defense. This desire to make data
open and transparent cuts both ways. Are journalists prepared to disclose their own contracts,
funding and commercial interests for the sake of greater transparency? Are MPs prepared to
allow for their expenses to be on public record since it is the taxpayers who are paying for
them, in the interests of regaining the public faith in MPs and how they manage expenses as
part of their official duties? The benefits of taking these steps for those who are brave
enough are independence, integrity and strangely enough, trust of the citizen they serve to
protect.

57
The issue of data for journalists is inherently tied to economics by the nature of their craft.
For the journalist, access to publicly available data is critical, and the field of data journalism
is taking shape very quickly with the increased sophistication of data analytics and other tools
available to journalists and everyone else. The Guardian’s “Free Our Data” campaign has
brought the issues of what is accessible out there, where can you find it, how to manage,
process and use these large datasets, to the forefront of the mind of journalists and the
industry of journalism alike. One school of thought is we actually have more privacy than
before – the example is the Medical Records Act that made patient records essentially a
“private” space. This can be attributed to technological developments during the passing of
the law, and the implementation of such laws. Mr. Cross argues that the summary health
record program was started to address the right to medical records under Data Protection law
but he is of the view that those who launched the program had no idea of the complexities
involved –

They assumed that an electronic health record was a self-evident good, and it was a
matter of computerizing it and procuring the best technology to do it. They had no
idea of the legal, medical and ethical difficulties associated with it so they went ahead.
And they were forced to confront these issues. And their answer to it was to concede
more and more power to the patient. The patient now has more control over their
medical records than they have ever had, since the NHS was founded, over who sees
it. There was never any control, any consent when it was in paper form. So the
patient now has more control. SO we are now getting to the stage when there is a real
issue of patients opting out of data being reused for public health and research
purposes (Personal interviews, interviewee #12).

Today, the notion of the private medical record is again being challenged by the summary
healthcare opt-in process and the efforts to employment technology to achieve a centralized
view of patient records. The wider questions are whether the citizen is being provided
services qua consumer or qua citizen. The digital person today moves from consumer in one
instant, to citizen in another. Where are the lines drawn, and who helps to draw these lines?
On the one hand, there are developments in the private sector drawing lines around the norms
and conventions of a private individual in a public (in the Facebook sense of the word) and in
the publishing (in the data journalism sense of the word). On the other hand, the public
sector with probably the largest databases for their citizens are considering the option of
releasing these datasets, not only for mailing list vendors but for broader digital analysis,
data-mining and potentially profiling purposes. Where do the citizen start, and the consumer
begin? For the many online personas and identities which are currently being self-regulated
and self-organized, is there an interest for the state to bring them within the purview of state
machinery to monitor, to sort, to classify and organize in some national interest or
58
government wide policy to sort, classify, monitor its citizens? When the two worlds of the
private information relating to the online consumer and the online citizen meet, what will
happen? When the private meets the public, what happens? There are many unresolved
questions outside of the scope of this paper, but certainly needs critical attention in the very
near future.

59
Chapter 6: Conclusion

The aim of this dissertation is to add to the debate as to the “big” changes in society,
precipitated by digital media technology. The key focus here is to investigate the notion of
privacy in society, and how this has been changed by digital media technology. This paper
argues that the shift in “big” society is about the changes in power within society (and the
dependency on who has what access to knowledge and information). This paper is an attempt
to explain the political economy of privacy in a predominantly capitalistic society. This
hypothesis is reliant on the examination of the role played by privacy in modern society, and
the ramifications for privacy in the context of digital media technology. To put privacy in
the context of technology may appear to be fairly straightforward analysis but it is often an
elusive one. This dissertation is about the concept of privacy in a digital lifestyle, and takes a
critical view of the positivist attitudes we have taken in embracing digital technology with
little or no resistance.

Several themes have arisen from this examination of privacy in the context of digital
technology. While technology in the most generic sense of the word (including the printed
word, etc) has over time changed our lives, it is argued that it is digitization of media and
technology that is forcing human beings to confront the meaning of values, ethics and the
importance of a concept such as privacy in our everyday lives. Consider being asked many
times per day if we will allow Google to use our location data. Consider the multiple notices
in so-called public areas telling us we are under surveillance for our own protection. In this
new environment, it is difficult to determine who is threatening our privacy and who is not,
and it depends on the frame of reference. The overall conclusion, even though it may seem
ridiculous at first blush, is everything and everyone is a threat to our privacy, including our
own actions. This futility is so exasperating that we have lost the language and the natural
ability to express how we feel about privacy, and many of us reach the inevitable and well-
intended conclusion that privacy is lost, expired, extinguished, and gone. Yet over and over
again, we are finding that the idea of privacy is still important, in fact more so than before
because it is relevant, resonant and it is part of the fabric of everyday life. While the
technology is confronting us, we are appreciating what it means to be watched, to be stalked
and to feel paranoia when we are on the Internet. We do what we can to cope. We retreat, we
withdraw and we try our best to disconnect ourselves from the virtual digital world.

60
All of us are taking small steps to regain our privacy, our solitude and our sanity. So the
more plausible answer is we have not lost our privacy, but rather we have lost our ability to
make sense of privacy in an alluring, enticing but highly complicated and confusing digital
medium. In this new digital medium, we have ceded control of our privacy to others, not just
our neighbors and friends but to government, corporations and anyone else who offers us a
free t-shirt. We have allowed others to access our private information and run amok with it.
As a result of our own naïveté, and our blinkered view of the digital technology that pervades
our lives, we have allow technological gremlins to spread like nanotechnology, cause our
private lives to be the subject of demographics, profiling, etc. The scale and enormity of our
loss is gratifyingly unknown to most of us. And yet we are reminded everyday because our
sense of loss is felt and weighed by feelings of injustice, fairness, inequality and most of all,
powerlessness. Feel disempowered is only one short step from rebellion. To analyze power,
is to understand the institutions, interests and the motivations behind the structural basis for
privacy. Realizing that privacy is a commodity in modern society, not a basic human value is
a shocking revelation.

I am from the generation of the personal computer and the rise of the software industry such
as the pervasive use of embedded software code created by Microsoft, Google, Apple,
Facebook and Twitter, the global expansion of the multi-national corporations, such as News
Corporation, and in more recent times, the rise (and fall) of the day-trader, the rallying bull
and bear calls of the stock market, the mobile phone and the financial crisis. Gus Hosein,
visiting fellow at the London School of Economics (LSE) and Privacy International (PI),
concurs that there was something “big” in society -

We had no idea what was coming, so something came – everything changed, not just
for privacy but for free speech, intellectual property and not just because of the
Internet. I think technology, and saying beyond Internet, database technology,
information technology just blew up in the 1990s, same time as there was
globalization, growth of government, growth of civil society, [the growth of media]
all of these things happened at the same time. That is what changed privacy more
than anything else – [we] couldn’t get anybody interested in any of these issues before
then, but now, we can trace it all that back to sometime between 1990 – 1998. I wish
I could say it was all to do with the Internet. The social and political dynamics we
have today I think started in the early 1990s and that included the Internet as a popular
phenomenon, but it was also when policymakers grew a bit more attentive to
technology, when companies and their images started changing - all these actors in
this political economy started to change in the early 1990s and that is the exact same
situation we are dealing with today. (Gus Hosein)
This rise of the capitalist consumer society can be attributed to the perfect storm of science,
technology and economics. Manovich poses this question in The Language of New Media:

61
 What to make of this modern desire to externalize the mind? It can be related to the
demand of modern mass society for standardization…Hence the objectification of
internal, private mental processes, and their equation with visual forms which can be
easily manipulated, mass produced, and standardized on its own. The private and
individual is translated into the public and becomes regulated (Manovich, 2002: 74).

To contemplate how we can escape from this modern dilemma will preoccupy us for the next
few decades. It will not only take on the form of a physical guttural reaction to the
extroverted stimuli of big brands and big labels, and the self-indulgent public dumping of
personal opinions and banal commentary, but also, the reclamation of the inner introversion
of private thoughts, feelings and experiences that is needed to restore a semblance of
individual sanity. Manovich’s recommendation is to refuse “all options and customization,
and ultimately refusing all forms of interactivity (Manovich, 2002: 124).”

Digital technology, in particular the Internet, has changed our social interaction, lifestyles and
culture for the better in so many ways. At the same time, we are become uncritical, our
senses are dulled, and we are lulled into false sense of security. This Facebook, MySpace
and YouTube or the Net generation (Tapscott, 2008: 3) of wunderkinds is in a unique
position of personal empowerment25 and with great power comes greater responsibility.
They are setting the stage for the next generation to come, and judging on current
performance, their children and grandchildren are destined for a future that is rooted in the
past, and fearful of the future. Forgetfulness is nature’s way of forgiveness. A society that
cannot forget, won’t forgive. If our privacy is lost, we need to find means to regain it. We
can start by forgetting and deleting. This only gets us so far. We need to define rules that
reflect compassion to allow for mistakes to be made, and forgotten. Learning from our
mistakes is how we mature as individuals and it is a reflection of a developed society’s
humanistic approach to its citizens. It is critical to a more compassionate and fair-minded
society.

Privacy is more than trust promised by corporations and government – it is about dignity,
human values and respect for individual. The political economy of privacy, ensconced in
information privacy rules, regulations and principles today, instead of protecting privacy has
instead led to the obfuscation and minimization of privacy as a fundamental right to be
respected in an information society. In the near future, there will be significant advances

25 Dan Tapscott in Grown Up Digital: how the net generation is changing your world, describes the potential of Net
Generation as “demographic muscle, media smarts, purchasing power, new models of collaboration and parenting,
enterpreneurship, and political power…”
62
stemming from the embedded nature of software code; for example, the autonomous
synchronization of data to facilitate the auto-completion of menial tasks easily accomplished
by computerization will rapidly replace the existing plethora of data matching systems. The
doctor and patient, the banker and customer, buyer and seller, father and child, the husband
and wife relationships will become transformed through the synchronization of personalized,
customized and intimate personal data, engage in multi-networked conversations about who
does what for whom in which ways. As an extension of the transactional exchanges
happening today, it is a representation of increased quantitative and qualitative experiences.
Described in his forthcoming book (Berry 2010, Forthcoming, p. 8), it is the combination of
“the delegation of mental processes” with networked, embedded and quasi-visible
technologies that turns life into quantifiable metrics, and into a commodity for use by others.

In the public sphere, political naivety has triumphed over the critical need for a thorough
examination of privacy in the context of a socio-technical environment. Political needs and
maneuvering has overshadowed the privacy of citizens. State bureaucracy and machinery,
once entrenched, creates disincentive to change, disincentive to protection of privacy and
more importantly, disincentive to develop more humanistic approaches to managing privacy
concerns, needs and interests. Lack of knowledge on the part of civil servants in privacy – as
exhibited by the number of privacy breaches – are symptomatic of the flaws in people,
process and systems which make the state a dangerous guardian of privacy. In the private
sphere, commercial incentives and greed triumphs over privacy. Technology preferences
triumph over privacy. Data protection, in the sense of the technical compliance for privacy
requirements, triumph over the more humanistic values underlying privacy rights. Private
sector has reputation, competition, media and the user as check-balances which can be
effective for a public listed company but for start-ups, for companies who are not accountable
to the wider audience, those who are experimenting with new technology, we have no way of
dealing with them, and society pays the heavy costs.

To summarize, the appropriation of privacy by corporations and governments, and the self-
appropriation of privacy as a resource by the individual for sociological, physiological,
psychological and emotional reasons, are two very different concepts. If privacy is a
commodity that is the subset of the computational knowledge society, rules and regulations
such as data protection laws designed to address people and processes are not necessarily
robust or flexible enough to handle an autonomous, data-driven design of the panoptic system
of controls coupled with the needs based and market demands for consumption. We quickly

63
come to realize that at the fundamental level, we don’t need more valuable commodities,
what we need are more humanistic rules for the coexistence of man and machines, as a part of
our everyday lives. The private sphere is being colonized by private sector commercial needs
and public sector political needs. The line between the consumer and citizen is blurred by the
rise of the “social”. Putting the onus on the individual to self-regulate or self-organize are
potentially disastrous as “collective housekeeping” (Arendt 1958) turns into “collective data-
keeping” – to the private advocates, consider the fall of the public man (Sennet 1992).
Similarly, when we consider how our privacy is increasingly being treated as a commodity,
how it changes the way we react or respond to our environment, and the increasing
propensity for privacy to be embedded deeply in technology and bound by software as “a
tangle, a knot, which ties together the physical and the ephemeral, the material and the
ethereal, into a multi-linear ensemble that can be controlled and directed (Berry,
forthcoming)” then, arguably, it is also embedded in our psyche and in the constitution and
maintenance of our identities in the real and virtual world. This is powerful proposition to
consider because if privacy is wrapped up in code and it could go far beyond what is initially
conceived, since it is capable of morphing and mutating into new and unforeseen ways with
unintended consequences. The speed at which the original intention is superseded due to the
nature of embedded code, for reasons already explained above, may be exhilarating at first,
but then terrifying once it is digested and understood. Arguably, privacy as a commodity has
become the social euphoric ecstatic state we have come to enjoy as we ourselves are turned
into a commodity for the global enjoyment of others and us.

David Blunkett argued that the State is not the villain. He has a valid point, because the
private sector does not have a stellar record for protection the privacy of its consumers, and
individual users are unaware, uncritical and blinded by technology. However, I would argue
that the frame of reference chosen by Mr. Blunkett has an inherent political bias, being in
favor of the state machinery for the collection of citizens’ data.
Mr. Blunkett did not have the benefit of the perspective of a political economy approach. If
he did, perhaps he would not have chosen a state machinery where trust of its citizens is a
given, not earned, on the back of 9/11 terrorist and security concerns. Google, Facebook,
Twitter, Foursquare, and other upcoming stalwarts in the social networking space are also
demanding that consumers trust them implicitly. Neither private or public mechanisms to
protect privacy of consumers and citizens alike are working well, and in fact, some would say
they are failing miserably. Mr. Blunkett has said we cannot turn back the clock; knowledge
is the most important safeguard. We should trust the state to use its power to protect privacy

64
in the private and public sphere. Knowledge is the first step, but the state must possess the
concepts behind the primary, secondary and even tertiary value of privacy to society–

In a sense, one can say that the capacity to see (voir) is the function of knowledge
(savior), or concepts, that is, the words, that are available to name visible things, and
which are, as it were, programmes for perception (Bourdieu 1984: 2).

This dissertation is a first step towards examining the existing of a political economy of
privacy as a means to arrive at more humanistic rules regarding the logic privacy as a
commodity. There is much more work to be done. Foucault said that the modern soul was
born out of “methods of punishment, supervision, and constraint” and the soul “is the effect
and instrument of a political anatomy; the soul is the prison of the body” (Foucault and
Rabinow 1984: 184). Today, the “methods of punishment, supervision and constraint” are
part of a computational knowledge society – the recursive and incursive nature of digital
technology had led to the affirmation and acquiescence of an ethos of monitoring and
surveillance – but it has not set in stone yet. The public sphere as defined by Habermas is
tainted by disciplinary regimes of capitalism and state bureaucracy. The private sphere is
being eroded by the commodification of our private lives. Resistance is strong, and the
human spirit is resilient. Norms and conventions are re-asserting themselves in society.
Consumers and citizens are actively resetting, restoring and regaining momentary lapses of
privacy. The resistance is incremental but over a period of time, it can be powerful. If the
modern soul is the prison of the body, it may account for the millions who are fleeing our
bodies, trying new personas and identities in the social networking space. If so, it is even
more critical to develop humanistic rules to protect the future of the modern soul, searching
for liberation from the imprisonment of the body, the surveillance society and to achieve the
extensions of humanistic man in the digital realm of the private and the public spheres.

65
Appendix (Interview Transcripts)

Interviewee #1: David Blunkett (Former Home Secretary 2001-2004)

Date: Sept 2010, email interview.

1. Why is privacy important in the context of digital technology?

We have moved very rapidly (in historical terms, the blink of an eye) away from paper based and analogue
methods of communication - which has transformed access to information, but also exposed intrusion in a way
which would have previously been subject to physical (and therefore obvious) entry. In simple terms, the filing
cabinet which could have been locked, inside a room which could have been locked, inside a building which
could have been locked, is now contained on a file or disk (or deposited in the little understood cloud computing
facility). The transfer of such material from place to place, which would have been physically based (and would
have therefore previously required the high-jack or stealing of such material), is now subject to intercept or
tampering through e-crime or cyber encroachment.

2. Do you think the boundaries are shifting between the public and private?

Greater awareness of what cyber-space entails has increased alertness to the dangers. Frankly, the technology
has made the extension of existing collection, collation, storage and transfer of data easier, more rapid, and
therefore more liable to mistake or intrusion. It has not actually changed the basic nature of the vast amounts of
data which were held, which were transferred between agencies, and which were stolen or intercepted. In other
words, what is now writ-large was formerly much more fragmented and more difficult to get at (particularly
without being observed).

The private sphere however, has transferred what was personal intercommunication into the public sphere.
Facebook (and other so called personalised social-networking sites), together with texting and Twitter, have
completely changed the way people perceive their own privacy, their own activity and information, and the way
they quickly and, often without thinking, transmit this to others. In the past this would have involved mass
copying of letters, leaflets, posters (or the use of a megaphone). What new technology has done is to make it
possible to achieve what would have previously required absurd lengths in terms of communicating to others, in
the press of a button.

So many people over the last twenty years have believed that what they were transmitting was ‘private’,
including on MySpace. Even when they’ve recognised that it isn’t private, they become blasé about whether
about whether it ‘matters’ that it’s not. At the same time, those concerned with privacy as a fundamental issue of
modern times (the equivalent of John Stuart Mill’s musing on the rights of the individual) have made the State
the villain of the piece, rather than the user of the digital age in doing what it was previously doing through
paper based or analogue technology.

3. How can we manage privacy in this new environment, and who is threatening it?

The most important and relevant safeguard is knowledge. If we can increase awareness (originally Get Safe
Online endeavoured to do this) both for individuals/families and for business, we can both protect the rights of
the individual, ensure that society doesn’t become hysterical about the implications (we can’t turn the clock
back), and ensure security and safety in the business community (which has major commercial and business
implications - not least in providing an environment in which people are happy to do business in and from
Britain). Instead of simply seeing the State (in the form of government) as being a danger to privacy, we should
be demanding that government uses its power to protect our privacy - not simply in the public sphere but in the
private sphere as well.

Not having our phones tapped by the media, not having private enterprise hurt by espionage, ensuring that ‘no
card present’ transactions are properly safeguarded, all runs in parallel with ensuring that people understand the
enormity of the personal, private, as well as public threat. At least government has the Regulatory Investigatory
Powers Act (as strengthened), the Data Protection Act, and a variety of Commissioners checking and providing
a proper gateway - none of which is properly required in the private sphere of our lives.

4. Do you think new laws are required to regulate this space?

66
I think the laws we have need to be understood and enforced more rigorously (including greater powers for the
Information Commissioner). The resourcing of the Police e-Crime Unit, having a greater understanding of the
redesigned Serious and Organised Crime Agency (National Crime Agency), and a major drive in our education
system and public sphere to warn and encourage people to be aware, would take precedence over the need for
new substantive legislation.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

I’ve substantially answered this in question 1. However, there are a whole range of areas where people give
information readily without thinking through the implications. Loyalty cards (and the use of credit and debit
cards) are a good example of this where, in the private sector, the tracking of lifestyle choices, of movement and
of income, are readily and easily obtained (and given). There seems to be a presumption that if it is carried out
by government then we should be ultra-wary – and we should – but if it’s private then it’s fine! The difference
of course is that with government there is absolute scrutiny, media and pressure group activity, Parliament (and
other elements of our democracy), and monitoring and checking processes – as with the very sophisticated
requirements relating to security services and policing in terms of surveillance and phone tapping.

The sophistication of our modern society, the necessity of ever more sophisticated data-sets, the requirement in
the modern era for information, and the imperative for easy access and transport of such data, have all changed
dramatically. The one area where we still need to understand better the safeguards required (and where the
greatest fear exists) is data sharing. This is clearly something where some change (referring back to question 4)
in the law is required, but where Parliament has found it extremely difficult to legislate satisfactorily.

6. In your experience, how has privacy changed your everyday life?

I now presume that wherever I am, wherever I’m speaking (or having a conversation in any kind of public arena
– including for leisure activity) someone, somewhere will be recording this audibly and visually on their iPhone
or other equivalent. As someone in the public eye, I have no privacy outside the four walls of my own home and
those of my immediate family and trusted friends. I have had my life interfered with by the media - including
attempts to access my medical records, substantial 24-hour surveillance by national newspapers, unauthorised
and intrusive external surveillance using new technology, and possibly the tapping of the telephones of my
friends (but as far as I’m aware at the time of responding, not of my own mobile phone). All my information
relating to my income or public activities of any kind, are now registered and open to surveillance (including
online for everything that I claim from the public purse). So, having had my medical records digitalised, and
having voluntarily given my fingerprints as part of second generation biometrics (until cancelled until the
autumn on 2010), have no fear for me given what else is being intruded upon, sought or publicised.

67
Interviewee #2: Lord Richard Allan of Hallam (Director for Public Policy,
Facebook, former Liberal Democrat MP 1997-2005)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

I think simply that we have invented capture devices – photo, text, location, whatever it is – that are now in
everybody’s pockets and they are connected to a network which is the ultimate fast replicating machine. And so
pieces of information about individuals are almost ambiently being captured and then distributed massively. I
think I would want to distinguish between privacy and secrecy, but I think notions of secrecy in particular are
being challenged. The idea that a piece of information would not come out – the fact that you were in a place,
what your image looks like – those pieces of information because of the underlying technology are really hard to
keep secret. And to some people, and that they equate being able to keep certain forms of information secret
with privacy, and that is increasingly hard to do.

[Is keeping something secret part of being a human being?]

That is a really interesting question and there would be a long area of discussion to go into where there were
notions in smaller societies there is very little secrecy, actually everything is known about everybody within a
smaller group. What’s different now is those pieces of information are known to a wider audience. Secrecy as a
normal part of your everyday life, actually if you look at man generally it has always been quite a difficult thing
to achieve, except perhaps you could argue for a brief period in the 20th century when you had large anonymous
city-based communities, you could be much more secretive about what you did. I know there are a lot more
people who think more intensively about that. I simply say that that is the thing that is the most challenged, the
notion that those sorts of pieces of information – what you look like, where you are, certain things about you – it
is much, much harder to suppress those altogether. And actually that is one of the great benefits of the Internet,
for a politician who goes and abuses someone somewhere at a meeting previously where they could have been
abusive in private and charming in public, now the fact that someone is likely to capture them being abusive and
share that information widely, we would say is a good thing that was bad secrecy. I think the difficulty now is
that technology itself challenges all secrecy whether we think it is bad or good secrecy.

I think in politics, we are used to talking about that, in politics we talk about secrecy and transparency, and
actually we are lobbying pretty full on to say let’s have much more transparency. And in those kinds of public
life situations, we generally say that secrecy is a bad thing, where it has an impact on somebody’s political
views for example, or their political behavior. Again, there are limits – some people feel more comfortable
keeping some things secret. Again in our private lives, people keeping things secret from you is generally bad.
You keeping a secret from them is generally something you want to be able to do. I don’t think there is a
consistent answer to it. I just think it is something we have kind of assumed and it is sort of wrapped up in that
notion that on the Internet no one knows you are a dog. We sort of thought we had a technology that even more
secret where you could roam around anonymously around the world and kind of have secret engagements with
people. And that is now starting to be challenged and that is where most of the pressure points are. That is the
area where we are all exploring is, if you like, the price of admission to a particular technology or a particular
environment on the Net, is the sharing of a certain amount of information. We are all exploring those kinds of
discussions and decisions. The price of me being able to email you is that I give you my email address if you
can email me. That is a transaction that we are kind of familiar with, is that the sort of scale that we like.

2. Do you think the boundaries are shifting between the public and private?

I think what is changing is that…trying to define it correctly. There are things about you - let’s do it by way of
illustrative example. A friend of mine says his daughter got married on Saturday, and he tells me that by
Monday, there were 3,000 photos of the wedding online. That is, probably, a hundred people putting up 30
photos each. So that wedding that was a kind of private event to those hundred people is now a public event to
the entire Internet population if they choose to look at it. The fact that something is accessible, and again
technology is driving access to that information, in a way the fact that it is accessible doesn’t necessarily mean it
is public. And one of the challenges is how to distinguish between public and published. So that event was still
a private event for those people, and actually, the interest of most people is going to be between that same group
of people. The fact that they are able to share those photos within their group of a hundred people brings huge
benefits to all of them. They relive and re-enjoy the experience. But then there are other people accessing that
information – I would argue there needs to be kind of social norms around that, recognizing that whilst the data
is technically accessible the framing and the context of that event is as a private event, and therefore, an outsider

68
(and in fact this is what typical what happens) could see those photos and comment and join in the discussion of
the wedding. But they don’t and they reason they don’t is, I think there is a kind of understanding of social
norms that when that sort of information is published and shared, it is for that group of people. Whereas for
other things, if Barack Obama puts up a page, we can all go on there and say what we think about Barack
Obama. So I think the notions of public and private are not necessarily things that are changing – the thing that
is changing is whether something is technically accessible. And we are going to have to start developing
understanding and social mores, which as I say it is not from scratch, I think that they are there already, about
private data and events in the public space. And that would apply to all sorts of things – the concerns people
have about the photos of you when you are younger and things like that, parents looking at the stuff that their
children are posting. In a way they understand that, I think a lot of parents do, that if your teenager is posting
stuff that is not dangerous but merely a bit offensive, you should show some restraint in intervening because
effectively, you are eavesdropping. So while you can access that information, maybe you shouldn’t, because it
is private data in a public space. And again, that’s kind of inherent in the technology – there is a certain amount
of permanence and again, I think our notions of permanence are going to have to change so that whilst stuff
technically again is hanging around if it is not organized, marshaled or put into a context where it has some
validity or authenticity around it, again maybe it should be ignored, discredited or discounted. People will start
to do that where they will discount the white noise of information in favor of context. Again, it is technically
accessible but not always and so deletion will be…and I think it is already starting to happen, deletion is about
for example if you have an online profile, managing that profile you can remove stuff from that profile. That
data may exist somewhere else, but the fact that you have removed it from the profile tells other people that that
is not authoritative information, it gives it a different status from the information that remains within the profile.
Again there are limits to that – people may say there is massive information about you I am not going to
completely take the curated product. I think over time people will increasingly curate the stuff that they want
out there, delete other stuff as far as they can and expect other people to ignore the residual information. Those
are the skills we are developing – it is a really interesting area – there are some people researching that now -
online reputation management – those are starting to happen, you can think about connecting search engines to
other services to say when do they or what status do they forward information rather than just dumb indexing,
smart indexing.

3. How can we manage privacy in this new environment, and who is threatening it?

It is millions of people doing it all together. I actually think for the vast majority of cases, it is pretty much all
good. What they are getting is an extension of their social lives, new ways to engage with people, it is classic
the way technology works, it makes things easier for you. And the bad things are not particularly happening.
For a small minority of people, some things are happening that are unexpected or they are concerned about but
as I say, we are kind of learning together and there will be some bumps along the road. I think Facebook
informs the politics and vice versa, that the instinct of politicians generally something must be done we must
regulate something. And clearly the instinct of a company like Facebook is “hey we can fix it, you don’t need
to regulate us”. So I do sit kind of between those two instincts. We will have to see at the moment I am kind of
ninety percent Facebook and just starting to get re-engaged in politics and we will have to see how that plays
out, whether you do come under…probably the toughest thing is coming under pressure on the political side to
be more political about it, to be standing up and kicking these evil Internet companies. I am dealing with it
anyway [the criticisms of Facebook and its privacy changes over the last year] through the media, which are
even tougher than politicians. I think the fact that you understand how the business works and the approach that
is taken can really help inform the political debate. And the environment I am in, going into as a kind of a part-
time voluntary role in politics, I am not employed as a politician so I can better balance that those two up. And
the fact that they deliberately want you to be informed by real experience – so the real experience of being
challenged on how your pricing model works, on being involved on discussions with the business about how
that needs to evolve, how we need to respond and indeed Facebook did make changes in response to that debate,
being fully involved in that I think is hopefully going to be very helpful in thinking about the political debate.

4. Do you think new laws are required to regulate this space?

I think existing laws do apply. I think there is one mistake people make is thinking that existing laws don’t
apply, in fact they do. You are very conscious that you are working within an existing legal framework, which
actually is not a bad one, it is principles-based, it is pretty good framework. That is the first part is to say that
there are laws that are already there. The second part is to say it is tempting because something has happened or
you are concerned about something today, to bring in a new law. Firstly, the timescale of bringing that law may
mean that it is no longer relevant by the time it is actually brought in. And secondly, what it may serve to do,
and here is the big concern of industry and I think it is a valid concern, is to essentially impede innovation. You
may innovate your way out of the problem – what the regulation may serve to do is to effectively prevent that
innovation because it then defines a very narrow model. I give you by way of example, take a piece of
regulation, Germany says you must have on a webpage a contact, which is an email address. If you run a big

69
website, open email addresses are completely useless you get spammed and they fail to be useful because you
get a million emails a week. So you use contact forms. The technology has evolved so we have gone from email
to using contact forms but the law says it must be an email address. Generally, new regulation tends to do that –
it tends to regulate the state of the art of today, and doesn’t allow for you to innovate away from the future.
They [the social norms] kind of do [find their way into industry] through your millions of customers. Again
there is an assumption, and this is where the debate is changing, that you are a big organization that is doing
things to poor weak citizens. The mistake is to think that most web services are not institutions in that way.
They have a very different relationship and they are mostly about communities of millions of people kind of
working together. The pressures you feel from that community is very different, their ability to move because
of the technology is very high, we are very conscious of that all the time. Ironically, they [the media] are the
ones that whip up the campaign and then we will respond sometimes, so they are kind of demonstrating
themselves – they kind of go “you big evil corporation you are not responsive – and then there will be an
example of how we are responsive because the users are talking back to us. We really do understand the power
of the user.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

The notion of the principles based legislation that has been enshrined in the European Directive, the actual data
protection direction, which is also similar to Canada, Australia and a number of other countries. That notion
that you can take certain principles of data protection rights, privacy rights and however you want to express it,
and that should be the foundation of the way, which you should treat data I think that has been one of the
revolutionary things.

6. In your experience, how has privacy changed your everyday life?

I started with blogging so I was obviously a sharer from the beginning. Social networks I think in a sense just
sort of democratize that they make it available to the masses, that notion of sharing. I started off instinctively
uncomfortable about sharing information. I am now getting to the notion that – well I could do it in certain
sectors and certain areas I knew it was right like the use of software but that was kind of theoretical if you like –
but this was like personal sharing. And now I am, through experimentation, I am starting to understand that
there is real value in a reciprocal relationship where I know things about you, and you know things about me.
About what it is we should share, and what is it we shouldn’t share but the notion that the sharing itself is good I
think is the bit that is interesting and most surprising. I remember going way back meeting one of the
contestants of Big Brother early on. I think Big Brother is majorly impactful in all of our thinking. I met one of
the contestants and I was talking to her asking, “what was the experience like”. She said that the weirdest thing
is when I meet someone, they know everything about me and I know nothing about them. It is a really unequal
relationship. Actually increasingly through our web identities, even just Googling somebody, when I meet you
we can each know quite a lot about each other, but it is much more reciprocal than, more equal and that is good.

70
Interviewee #3: Tom Watson (Labour MP 2001-2010)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

People living their lives in a digital realm and there is going to be a permanent footprint. And so, I think as a
society we are still working out notions of privacy, and taboos and social acceptability in a digital age as
people’s lives unfold on the Net. We still got to tease those things out but one thing where I think we need to get
to a point where citizens own or possess their own data. And that is not easy. When people die, who owns their
web page?

2. Do you think the boundaries are shifting between the public and private?

I think that is as yet a question unanswered. My instincts are that there will be a greater degree of tolerance
from individuals about what is private and public, in that I mean people will be more relaxed about more people
knowing more things about you. I don’t think that theory has been proven yet. I just kind of think that there is
going to be so much out there about you, that when this generation of Facebook users get their embarrassing 17
year old photographs replayed to them at a job interview at the age of 25, you will have a generation of
personnel managers that have had that done to them as well, people will just be more relaxed about it. In one
sense, it might actually be kind of liberating that we will just create a more tolerant society. Young people do
dumb things, and I can prove it because I got the photographs but I don’t think we know that yet. I think we are
in a giant experiment with digital rights and privacy. Which is why I don’t think government can be too
prescriptive. We have got to be framing the debate I think, allowing the voices to be heard but it is quite hard to
know where government intervenes, what is acceptable, and what is socially acceptable.

3. How can we manage privacy in this new environment, and who is threatening it?

I guess the threat now is people harvesting data for commercial use, in the sense that they passed the line on
what people think is right or wrong. You only need to look at Facebook – when Facebook change their privacy
settings and their consumers don’t buy into it, there is an explosion. But this is all about people testing the
waters. And I guess if we carry on, on this journey, this is the point about people being able to control their
content, the data and their own creativity in some of these big spaces. There are a few contradictions in
Richard’s view of the world and working for Facebook and there are contradictions in life. He will be a force
for good within the organization, so that is how I think he rationalizes it.

4. Do you think new laws are required to regulate this space?

On privacy, yes eventually. I am not in government anymore so I am not driving things. But I think
government needs to understand what’s going on online than it does already. You think government should
publish in a single place a data sharing register – that means every piece of transaction is shared, every piece of
data it transacts with itself is out in the public domain for public scrutiny, so government can lead by example
and use its leverage to set the example. It doesn’t necessarily need to legislate but ultimately, we will have to
legislate on data and privacy and all this kind of stuff. I don’t think there is a very clear right path to take yet,
there is some more understanding we need to do and some directional changes and we need to just put our finger
in the air and see where the wind is blowing on some of the big data issues online. Government needs to do
more than legislate is probably the clearer enunciation of what I think. I don’t think they have the technical
expertise and I don’t think they quite understand the cultural changes gone on the Net in the last decade. That is
a civil service problem. In fact, it is exacerbated by their recent decision to cancel the contracts of most
consultants because most of the web people and the “digi” people who work for government did it on contract.
So there has been an exodus of people who understand some of the key points on this, and they are going to be
in real problem if they don’t remedy that. It is interesting in the last session there has been this argument, I had
not heard this argument before, that we need to get beyond the ICO now and people should have the right to
bring private cases. The ICO after the HMRC data loss, the Information Commissioner demanded a much
bigger budget, but I don’t think he got a bigger budget but he did get a bigger pay rise. And I know from my
inquiries that my committee have done, they have made decisions on whether to take criminal cases when the
key consideration has been finance. It is always the same in the public sector; some of the cases they chose not
to take was so huge that there is clearly a problem so I think there is a funding issue for the ICO. I think the
ICO is probably a little timid when it comes to using the remedy in the courts, and in the using the powers that
they have got and prefer to use persuasion. But sometimes you need to have example cases as well. I don’t
quite know why the ICO is not as effective as it should be – I don’t know if it is leadership, finance, legislative

71
clout or whether we need but I would not be opposed to other remedies beyond the ICO if we allowed private
cases to be brought. More tools.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

There is the data protection act of 84, which was obviously a key turning point where people realize that
ubiquitous computing technology that this was going to be a growing issue and set itself down the path. That is
probably the seminal piece of legislation that people have added to, meccano-like, over the years. It has got to
be the growth of ubiquitous computing to allow more data to be stored, data storage. That is the biggest
challenge I think.

In general, politicians know…let me go back to my original point, politicians are busy generalists, they kind of
sense there is a problem, it hard for them to define what the problem is, and therefore, it is hard to get a
conclusion. And when you are in these areas of policy that require quite a deep technical knowledge of the
issue, it is hard for a politician to show policy leadership in that area. So you kind of end up with a machine
running very slowly, and the public sector service pick these issues up. Which is why the sort of legislative
form of response is usually reactive if there is a big data loss scandal. So government in general is not proactive
in this area. There needs to be big consumer campaigns or big mistakes made. What it then means is you have
got a Meccano-like legislation rather than looking down on it from a bird’s eye view. This is a big issue, but is
it the biggest issue for all politicians when we have got big international, we got the bank in six sectors melting
down, Afghanistan and Iraq in the UK context. You see what we have got is a general sense of unease in all of
this area because we have not had the definition right then we get all sorts of little spikes of activity from CCTV
to all that kind of stuff. It is not just the public sector, it is the private sector as well. I just think that because of
the speed of change and the huge disruption that the Net has caused – cheaper and cheaper storage – we have
not settled what our view is yet.

6. In your experience, how has privacy changed your everyday life?

Well, mine is not really about data. I crossed the line from being a private citizen to a sort of public figure 10
years ago, which a lot of journalists think gives them the right to knock on my door on a Saturday morning and
ask my wife why I have done x, y or z. So which kind of means I have had huge intrusion into my personal life
but that is not dictated by technological change. My digital life, thankfully, there aren’t any pictures of me on
Facebook on what I got up to when I was seventeen. That is for the next generation of politicians to contend
with. I took a decision when I first set up my blog, which is my first digital journey as a politician that
everything I did in the digital space was in the public domain. Everything I said, everything I put out there – I
have gaffed and embarrassed myself a little bit, but so I have always got the little voice telling me that I just
consider what I do online to be public domain. But that is different to most people, and of course it is different.
Maybe the consequences for me are greater than most people. I was interviewed by the Guardian, and they said,
“how many visits do you get on your blog?” I said 400 on a good day and 20,000 on a bad day. In my world, if
you are spiking on the Internet it is usually because you have done something dumb or idiotic and I have on
occasion.

72
Interviewee #4: Richard Clayton (Security Researcher, Computer Laboratory,
University of Cambridge)
Date: June 2010, in person interview.

1. Why is privacy important in the context of digital technology?

Because privacy is important in all aspects of life so it has to be important in the digital world as well.

2. Do you think the boundaries are shifting between the public and private?

You have to look at it historically. If you lived in a small village in 1543 then you were entirely private,
everybody knew you, everybody knew your business and so forth. Privacy in some senses were for the rich, and
as people moved into the towns in the 18th and 19th centuries, and then basically you knew less about your
neighbors and therefore what you did became much more private. To some extent, that is being eroded in the
digital sphere because people don’t fully understand what is visible, what they reveal about themselves
inadvertently, and if they did understand that, I think they wouldn’t do so, because we now have a culture where
we expect privacy and if you shut the door or closed the curtain then what you do is private. And I don’t think
people understand how to do the same sort of thing in cyberspace. And there are people who aren’t interested in
privacy and want to know everything about you to better sell you things or to better control you, then they are
exploiting various other things you can do in cyberspace in order to know more about people. They don’t know
everything about you, but they know a lot about what you do online and as people go increasingly online, that
means more aspects of their lives.

There is now private browsing built into browsers in that anybody who has access to your laptop will not be able
to see where you have been browsing. But anybody who was able to monitor your traffic, then clearly knows
where you have been browsing and the sites you browsed to, may or may not know who you are, they are very
likely to recognize you when you come back again even though they don’t know who you are. One of these I
would say is that people would recognize you even though they don’t know your correct name, if they keep on
knowing you when you come back again, treating you specially because of your past history, I think that’s a
privacy matter.

Yes you can build a profile of something but the fact that you can’t link that to somebody in the real world
doesn’t actually stop it being privacy infringing, it just means that they cannot turn up and blackmail you with it,
and you can treat you differently when you visit the site.

If you went into the same bookshop in Soho even if the people there didn’t know your name they knew which
sort of magazines you bought because that is part of being a good shopkeeper is to know your taste and they can
do the same thing on the Internet. They wouldn’t know your name, and they would treat you differently. In
principle, if a policeman arrested you and took you into the shop, the shopkeeper would say “hello mr. smith
you have come for another one of those brown paper covered things” and the policeman would deal with you
appropriately. And the same thing would happen online – people recognize you and come back again. Now
people get particularly interested if you can link those online personalities with real world events. Because you
can either tie things together across sites and the sites where you have given your real identity or you are able to
use the IP address and then coerce the ISPs to translate it back into an account holder name.

Basically, it is clear that a lot of the marketing people don’t understand the concerns about privacy, and I think
that aspects of privacy stop people using systems, which they might enjoy using, or have some benefits for them
because they are concerned about the privacy aspects. I fear that most of the time it is the other way around and
people just carry on using them without paying any attention to privacy aspects. We are beginning to see some
sorts of examples, which is recruiters looking at people’s Facebook pages form an opinion about them. More
interestingly, they will form an opinion about whether they will give you a job based on looking at your
Facebook page, or what appears to be your Facebook page. And that’s not necessarily a proper way to deal with
things, because people aren’t used to what is exposed, they tend to apply higher standards than would otherwise
be the case. In 10 years time, when everybody you hire you can find a picture of them lying drunk in the gutter,
you going to have to face up to the fact that you would have to hire teetotalers, or alternatively they are just
going to have to say that one or two pictures like that everybody has one of those you just have to take a view of
it. We are kind of in the intermediate stage where everyone would get rather excited about that.

3. How can we manage privacy in this new environment and who is threatening it?

73
People often make comparisons between the Internet and other, the car analogy, because we have never ever had
anything quite like the Internet before, and the systems which run on it are all extremely new. The things which
people get excited about are considered a bit of old hat now, like Facebook and Myspace, You Tube and so forth
basically did not exist in 2004. We are talking about a whole series of technologies, which are less than 5 years
old, Twitter is about 3 years old now, all of these things are extremely new. And therefore it is very hard to
understand immediately and certainly for somebody in the general population to understand what the issues are
with using them.

I think part of the problem is that people set up things like Facebook with a, well, …Facebook was clearly set up
starting with no clear idea how to make money, it was for fun and to bed some more girls. And the realization
has come to them, that in order to make money they need to know about the people who use it. The product of
Facebook is the people who use it, who they can sell to advertisers and therefore they need to know more about
it. In a rather crass way they have gone about, basically ignoring everyone’s privacy concerns in order to have a
better product to sell to people. The difficulty people face is you can’t get actually very much out of Facebook
if you don’t actually tell it anything. And ultimately that would kill Facebook, because I think the people have
to see a better model, which is somewhere between those two. A little bit more privacy respecting but makes
clear that if you don’t tell the platform anything, either because the platform is not viable or you have to pay for
it or whatever. The lack of privacy is the product. [Huey: Being not private by default is the experience] Yes
for most people it probably doesn’t matter very much because although the advertiser knows a lot about them
and it doesn’t really matter. The difficulty is if you are trying to hide from somebody, an abusive ex-husband or
someone like that, then basically the standard advice is do not get a page on Facebook because you will be
found. It is not possible to hide in that environment. So when you start looking at it that way, it becomes clear
what the risks are, of using a system like that. For most people, that is not actually a physical risk, it is just a
long-term risk to things, which they didn’t think they told anybody and as it turns out, they told somebody, and
now everybody knows.

I think most people do – when they are online, they pretend to be somebody else. Usually a better person than
they actually are. Perhaps thinner, longer hair, different age, that sort of thing. [Huey: The whole point about
Facebook is not being anonymous. But you then have to create a public profile that is very different or you have
to be very conscious about what that public profile says.] But then most people don’t put absolutely everything
they do onto Facebook. They selectively edit what they are going to say, and that can give a slightly different
impression. To be honest, most of the pictures of people lying drunk in the gutter were taken by themselves.
They were taken by their friends and tagged to show who it was. Most of the work we have done have strongly
indicated that the risk here is not you will give away secrets but you will be linked to the secrets given away by
your friends on Facebook.

[Richard explains research done at Cambridge on a person who is not on Facebook but it is still possible to find
out who is the person’s girlfriend, etc from the descriptions given by his friends of this person’s exploits.]

4. Do you think new laws are required to regulate this space?

I am not sure you can legislate because it is kind of a cultural thing and the systems which people are using are
multinational in that the concept of privacy per se is different in the US from here from say France and indeed in
Dubai. And therefore I cannot see how you can regulate for privacy per se. What I think you can do is that you
can constrain people like advertisers and so forth from processing data in particular ways, and you can also
prohibit various forms of collection of data. In particular, anything which is not entirely obvious that the data is
being collected should be and often is already outlawed. Systems like Phorm which is sniffing on the traffic
going up and down your laptop and the ISPs is illegal under UK law and we don’t really need to have new laws
just existing laws enforced.

[Huey: Do you think this shift has to do with changes in society and not technology?] No it is entirely
technology because there have been shifts in society in terms of the way in which we bring up children the way
in which we view marriage and that sort of thing which has been quite marked over the last thirty years or so.
But what’s happening online in terms of people putting out details and so forth, basically there is no real
difference between this and going down to the pub for a good old gossip, its just that it done in a digital world, it
is potentially permanent. Although we say it is permanent future historians may decry the fact that it turned out
to be not very permanent at all. There is a very good argument that we are going to know more about the
Tudors and how they run their palaces than how Tony Blair ran 10 Downing St because we were just moving
into a digital age and as a result of which almost nothing went on paper everything is sitting on spinning disks
and if the spinning disks are not properly preserved then we will know nothing about what happened. That’s
important for historians so I guess we will have – if we want to know what life was like in the forties, we would
look at diaries of people who lived through the wars and you can get phDs from reading housewives’ diaries and
extract about how people really felt about the country and those times. Now you would look at people’s blogs,

74
Facebook pages, and so forth and if Facebook does not preserve those then people themselves will not tend to
preserve them. As a result of which we will have a poor understanding of how people really felt in these times.

Digitizing stuff does not preserve it. There is a real distinction between digitizing stuff and preserving it. The
Library of Congress wants to preserve the tweets. If you want to understand the impact of a particular pop issue
or understanding privacy through Big Brother, I doubt you will be able to view this in 2120. You won’t be able
to read the MySpace pages on what they say, or what they commented on or what is important to them. This
lack of having a commentary on what is going on will disappoint future historians considerably. It is a
counterpoint to the privacy thing. Today, you know more about your neighbors but in 10 years time, you will
know less about them.

[Huey: Why would we be worried about privacy in that case?]

We kind of got off on a tangent, as it is not immediately to do with privacy. The reason you care about privacy
is because people have been culturally brought up, and as I say, it is relatively recent that they feel they should
have privacy, there is an expectation of privacy and I think you risk damage to them if it turns out that their
expectation is wrong. When I go shopping in my corner shop, I am delighted when I come in and they say
“Hello Mr. Clayton, nice to see you here and what are you buying today”. If I go shopping in Tesco’s, which is
huge and anonymous, and fifty checkouts and if I see the same checkout person more than once a year, it is
astounding. If what they can do is they can swipe my card and the screen prompts them to say “Hello Mr.
Clayton nice to see you again”, then I find that disturbing. If you go into Tescos, where there is an expectation
of privacy in terms of, you kind of know they know who you are, but equally they are not going to reveal that.
In fact, Tescos knows a very great deal about you, and knows how many people there are in your family and so
forth. It used to be when you went in with the Club Card they asked you how many people there are in your
family. They don’t ask that anymore because they can work it out by seeing how many toilet rolls you got. And
they can translate that into the number of people so they know a great deal about you and one kind of accepts
that as being but what is disturbing is when they overtly exploits that. The story in the US of somebody who
went into a supermarket and slipped on a wet floor, which wasn’t properly marked and they sued the
supermarket and the supermarket then started digging through his records and showing how many bottles of
booze he had bought over the past year, the implication being that as he was a drunk and he could not be
expected to stand up straight. It was a surprising use of the data, which they held and processed lawfully, and it
is kind of a surprise to everybody. Catherine Albright (?), she is behind a movement in the states to ban
supermarket loyalty cards. She has a fantastic story of going to talk to a bunch of high school students about
these wicked supermarkets and how they held huge amounts of data about you and they knew exactly who you
were and what you want and so forth. How this was terribly wicked and it should be made illegal and so forth.
One of the high school students stuck up her hands and said “but please miss if the supermarket doesn’t track
this, then how do they know what you like?” Which is basically a complete reversal of the way in which we
think of the role of shops in terms of providing us with a range of alternatives where we decide what we like,
rather than we tell them what we like and they only make that available.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

The concerns about things like cookies and tracking cookies and that sort of thing, are real privacy concerns
because someone like Doubleclick can work out what sites you are visiting, and construct a profile about you
without you being aware of that had been done. Though interestingly after Google had bought Double-Click,
Google then came out with a big announcement that they were now able to do, they had a whole list of things
which came down to things we thought Double-Click had been doing for 10 years, and from the sound of it,
didn’t worked very well and now Google is going to make it work properly. So Google knows a great deal
about you, they get to see all your searches, it gets to know, gets to read all your emails and store it forever, it
gets to which ads you click on, it gets to know which sites you visited and so forth. It has a huge view of you.

I would still be worried about it if that information is split and filed in six different countries. The fact it is all in
one company who seems to view the holding of data as really important and therefore is not prepared to even
make any sort of compromise to the small percentage of people who are concerned about it. Frankly if they said
you can opt-out of all of this and we will collect no data about you, and if we ever collect anything by mistake
we will throw it away within 24 hours, just sign up here and you must always say who you are when you turn up
so we know you are one of the special ones but that’s just fine because we absolutely promise, etc. 1 percent of
people will turn up and frankly they don’t care if 99% of people don’t. If 99% of people took it up, but they
won’t because people don’t understand what the issues are. The issues only become real to you when you
suddenly discover you have an unusual medical condition when you want to or it impacts you socially. Two
elections again there was a huge row during the elections about an old lady who had been taken into A&E and
who had been left on the trolley for 24 hours or something. The big election row was whether or not the NHS

75
was working and so on and so forth. In the middle of all of this, Downing St took it upon themselves to release
their medical records. Which was outrageous and it should not have been done. But the little old lady was very
upset. She wasn’t upset about the generality or that the whole of the country knew about her medical condition.
What she cared about was now everybody on her street knew that she wore a colostomy bag. So privacy,
though telling everybody in the world something sounds really bad, but when everyone in your street knows
about it, which is what actually matters to you. Because privacy is a very local concept. But I still think that
even if people don’t know who you are, like if some website pop-up asks “are you thinking of buying a
colostomy bag” the fact that the website asked even though it doesn’t know who you are, it is an infringement of
your privacy to be reminded of something that you do not want everybody to know. Tescos fell into that once –
one time they sent me a fine little thing with my Club Card that said “Dear Mr. Clayton, as a vegetarian…” but I
am not a vegetarian. I know people who are vegetarians and they are very fine people and I am not that good
and I am not a vegetarian. I just don’t happen to buy any meat at Tescos. So I was really cross that Tescos was
accusing me of being a vegetarian. Data jumps to a conclusion as they are usually correct. [In this case,]
Tescos made a deduction and the deduction is incorrect. Why should people make deductions about your online
behavior?

6. In your experience, how has privacy changed your everyday life?

I pay a certain amount attention to what I put online. So though you may find me on Facebook if you look there
you will find nothing on Facebook that you cannot find from somewhere else. Which probably means that I am
getting almost nothing out of Facebook and I should leave and it will make no difference in my life. I am fairly
cautious about what I say and what I do. That said, I do put out a lot of information - I put my home address,
my mobile phone number on the website and everybody in the world knows where I live and can look me up.
Equally I have been in the phone book for years and so you could have found me in the phone book and so
forth. I am a little careful about what I say, I don’t go out of my way to explain where I sleep every night, or
what my taste in food is, etc. You won’t find that sort of information online because I make sure not put them
online.

I don’t think people do [understand Facebook and Twitter is equivalent to broadcasting] because I think they
think it is one-to-one. They think only their friends can see it. A lot of criticism of Facebook is that it isn’t
obvious that you have told something to the whole world as opposed to the 100 hundred friends you have or the
10 people who actually care. It is the fault of Facebook because they have been changing the rules and setting
up systems, which are so painful that, even the experts have no idea. It is so complex.

I don’t think most people understand how many people can see who their Facebook friends are, they don’t
understand when they type something who can actually see it, they don’t understand when they fill in a status
message as to exactly who can see, whether or not it can be visible to a search engine or whether or not it can be
archived by somebody else, etc. No I don’t think they do properly understand who can see what.

I am sure it crosses the mind of the Minister of Health from time to time if only we had written detailed buying
information on how much booze people are buying then we can tailor the NHS to their reality – you are buying
too many cigarettes so we will put you back in the queue, etc. But I think most people still view that as
outrageous, an unsuitable thing for the government to be doing.

Joe would argue that MySpace has failed because it has failed to control spam. It may be that in another two
years time, Facebook has failed because it failed to deal with privacy problems. Because something comes along
and it doesn’t work as well but it does not have that particular problem, then I believe people will move through
it, much the way that people moved from MySpace to Facebook. Facebook is not going to be the platform of
choice for decades to come.
I think we are going to see much more controlled environments when information just does not go beyond a
small group of people so you have a standard platform but the actual information flow is much less global.
Overlapping smaller networks but without the automatic flow between them. People did not say “oh, it was
terrible, that Messenger had these privacy problem” because that is not the perception of it. And you have
control of it, you knew when you said something, you know who heard it. I don’t think people do [understand
Facebook and Twitter is equivalent to broadcasting] because I think they think it is one-to-one. They think only
their friends can see it. MySpace first and then Facebook, and things before Facebook like Friendsters and so
forth but not a huge impact in the UK. Friends Reunited had a big impact in the UK but basically dropped away
because people have gone to Facebook instead. Friends Reunited again, privacy is not a word you would
associate with that, but it has a huge social impact in terms of people being able to get in touch with people they
lost or in school because again if you go back to 1540, the concept of you were either in the village or not in the
village. If you went away, you never came back. And the move to the town is a mixture of people you meet
later in your life and you never met them again. Suddenly, Friends Reunited turned that on its head. So that had
a huge impact. I am not sure privacy is quite the word for it, but the impact of what had happened…

76
In general, the marketing people are not interested in knowing exactly who you are because that is just too
complicated. What they want to do is to put you in sixty or seventy groups and they treat you as a group and
they gather as much information as possible to be more and more certain because people do not fit neatly into
sixty or seventy groups and the more information they have the better guess they can have as to which of the
groups is the best fit for you. Then they will treat you as being in that group.

In the meantime, they have collected a huge amount of data about you and suddenly you decide that you want to
form an opinion of somebody, you or the police is trying to do decide that they may or may not be doing
something bad then all of a sudden you have this huge insight into their lives by looking into this data. This will
only affect the minority but this idea that people can snoop on you if they want to. Alternatively, only your
neighbor can know all these things about you.

77
Interviewee #5: Ross Anderson (Professor of Security Engineering, Computer
Laboratory, University of Cambridge)
Date: June 2010, in person interview.

1. What is privacy important in the context of digital technology?

Privacy refers to a very large bundle of things, from private goods to social goods, which varies from one
country to another. In America, privacy notoriously includes the right of a woman to an abortion because that is
how the American legal system managed to find a loophole, which enabled them to legalize abortion. If you
ignore these “edge” cases, then privacy as it seems in America tends to be context specific. You have particular
laws for things such as video rental and health privacy, and privacy of financial records. However in Europe, it
is seen to be generic. It is often seen as a right to information self-determination. Also it probably goes back
before that to the European Convention of Rights, Section 8, and the European Convention was essentially
written by Winston Churchill after the war in order to export British values to the country recovering from
World War II. In addition to that, the Germans because of their particularly bad experience enshrined a right to
privacy in their constitution. And as a result, Europe now acts like it is the world’s privacy regulator. The
reason for that is if you are an American company, you have to take account of what Peter Hustings and his
guys in the European Commission think, because they can cause you great damage. If you break their rules, and
nowhere else is big enough to matter. American doesn’t care except in specific industries. And if you have a
privacy rule in somewhere like in Singapore, then I am sorry but it is just too small to make a difference. I don’t
mean that in any bad way but even Britain acting on its own is now too small to make a difference. Britain can
only have an effect on globalized policy positions by acting out either through the European Union or as in the
case of copyright, through treaties.

So why does privacy matter at the sharp end? There are roughly speaking three or four things that people really
care about. Firstly, they care about their health, they secondly care about their kids and they thirdly care about
their money, and fourthly there is a grab bag of other things such as religion, sexuality, and so on that is salient
to different groups of people. So within each of these groups, privacy varies according to people’s situation
and their stage in life. Health privacy for example to most young men in their twenties and thirties, there isn’t
much of an issue because they have had no serious or embarrassing diseases yet. An exception is women who
have had termination of pregnancies, which are badly seen in some cultures. And similarly with very old
people, privacy may not be so salient. A man in his eighties may bore his neighbors to death with stories of his
latest operation. But for people who are in the middle of their careers, men in their thirties or fifties who are
trying to get that last promotion to the board of directors then they may wish to keep quiet the fact that they have
had a mild heart attack or something like that, because it would make their unpromote-able. So that salience of
health privacy varies significantly but it is big enough and affects enough people that it is important. There are
also some large minority groups who are affected. And one group that many people tend to forget about is men
with criminal records. Because in Britain, something like a third of men have a criminal record by the time they
are thirty. Also in most cases it is for some relatively minor thing – got caught smoking dope at university or
whatever. Nonetheless, it can have a very negative effect on employment prospects. In countries like Britain,
we have laws, which say that after a certain period of time depending on the seriousness of an offence you are
allowed to pretend that it never happened and allowed to make sworn statements that you have no previous
convictions. That can of course be undermined by electronic technology. Suppose you are a 50-year-old man
aged 18 was fined 10 pounds for taking a piss in a telephone box after a football game, to the 50-year-old man
that’s safe ancient history. But in the future, somebody might be able to go to Google and get the report on the
magistrate’s court.

How do we deal with this “societally”? Different countries take different views – the Germans take the view
that reports of court proceedings are de-identified and the court will produced an official sanitized version for
legal scholars. In Britain we have kind of muddled along and hoped for the best – the view taken by Parliament
when our own Act of this kind was passed was that it’s not perfect but it is probably good enough. And across
the world as a whole, there will eventually be simple economic pressure against unreasonable discrimination.
Because if you limit your talent pool too much, if you decide you only hire programmers if they tick lots of
green boxes – no criminal records, no health problems, etc – you might find that you are discounting half of
your applicants. If you add in health problems, family history of mental health, that is another really big issue –
something like 10% of people will have some mental health problem at some time in their lives, that is serious
enough to appear on GP health records. Many others may have a smaller problem of which some trace appears
e.g. minor depression. And again this is socially heavily stigmatized. And the curious thing is when it comes to
medical diagnoses; there are some diagnoses that are absolutely a third rail (this matters for us if you touch the
“third rail”, the rail with 800 volts in it, you would die). If for example you ever get a diagnosis of psychosis,

78
then you are never again allowed to work as a doctor or a number of other professions. There is a very fine line
between a diagnosis for depression and a diagnosis for psychosis – when somebody has a mental breakdown.
When you starting attaching stigma to certain diagnosis, then doctors will understandably start to be very
reluctant to make these diagnoses. And as medical privacy breaks down, so the reluctance will become very
much greater.

We have seen examples here – two years ago, the police went to a family planning clinic in Britain and they said
“please given us your records of all of your customers aged under 16”. Because when a girl under 16 gets
pregnant, then a crime has surely been committed. The lady who runs this family planning clinic said, “No, go
away”. Now the curious thing is the police are within their legal right, because in Britain the law allows the
police to demand material evidence of a crime. But the lady told them to get lost and they were sensible enough
not to pursue the matter. Why? Because they realized that if it went to the European Court of Human Rights,
they would lose. And as a result of that, the police powers to gather evidence would be legally curtailed.
However there are proposals now to move all Britain’s medical records onto central databases. And if that
happens the game changes. Because the police are not going to a lady in their fifties, who is a gynecologist and
whose patient privacy and business model are all directly under threat by this request, they are simply going to a
24 year old shift supervisor at British Telecoms who runs a database. This is about security economics and who
has the most incentive to find it. And that is one of the things that happen when you centralize everything as
you have in Singapore in that all of the incentives become the incentives of the Prime Minister, and no longer
the incentives of the citizen. It is a big problem for Singapore – you got an authoritarian government and so far
it has not been disastrous, but the problem is what happens when you got a bad government? This was the
history of ancient Athens – because again and again, you would have a good kind then his son would be a bad
king or if not his grandson would be a bad king, and the people would rise and revolt, they would have a civil
war, and whoever led the revolt would become the new king, he would be a good king, then his son would be a
bad king, and after a few hundreds years of this, they said “guys this is too expensive, why don’t we invent
something better”. Which is where democracy comes from. There is a problem for countries on the Asian
model – what happens when eventually you get a bad government, and it is not if, it is when. You can be very
efficient and run things in a light weight way as long as you are lucky enough, based on a ruling family that is
halfway sane and competent. I once spoke to a very senior Singaporean official over lunch and he said, “Ross, I
believe you disapprove of ID cards” and I said, “Yes we oppose ID Cards”. In colonial times he said there were
two laws in Singapore – white people didn’t have ID cards and we Chinese people – so after independence we
had to go one way or the other, and I am sorry that we just decided that white people have got to carry these
thing too.

2. Do you see privacy as a legal construct as opposed to a social construct?

I don’t like using the words “construct” because it is associated with Derrida who I think is fairly thoroughly
discredited. It is something whose fundamentals lie in the nature of the human brain – that part of our behavior
and our attitudes which evolve during the crisis over the past three to five million years – in that we evolve in
small groups, we appear to have developed most of our brain size around two or three millions years ago when
we changed from being in small family groups in forests to being in extended groups in a hundred or two
hundred people on the plains, and much of human intelligence seemed to have evolved to cope with social
complexity. Given that this is what we are, our deepest human nature, there are some things that we wish to
keep private from other people. And if you move into a socio-technical environment when that is difficult, then
you need compensating rules, you have conventions that arise for stability, it is useful that some of these
conventions get encoded in laws. And everywhere you look, you find that there are some kinds of legal redress
even in America where they are very fragmented, they still exist. But they have arisen by industry by such as
HIPPA, the healthcare rules which was put through by Kennedy and Casabaum (?) as a response to complaints
by people that their personal health information was leaking out through insurers and so on, and was causing
real distress. The video rentals law was passed after Judge Bork was frustrated in his attempt to become a
Supreme Court judge. There is a requirement for these, and the question facing countries like Singapore,
whether you do it well or do it badly.

Data protection law is an implementation of one aspect of privacy law. It started off in the 1960s in Germany
when people began worrying about the government having too much information on them. When it came to
implementation, this didn’t work so well outside Germany. In Britain, for example in 1982, when the
government started talking about implementing its first data protection act, then Home Secretary David
Warrington told everybody that this data privacy thing, he doesn’t really approve of it, it’s a German thing like
ID cards, but we have to do it otherwise British companies won’t be able to process data from Swedish banks.
We will pass the law but don’t worry I will see that it doesn’t get in the way. So we have an information
commissioner with almost no powers and no technical staff and he is dumped in the middle of nowhere in
Cheshire and the government has chosen as the information commissioner someone who is really malleable who
doesn’t believe in privacy and who would do what he was told. And so in effect, in Britain, the data protection

79
law is just theatre. It provides the appearance of privacy without the reality. Now what’s changing this in
Britain, is it is now possible in Britain to bring a case to court directly in Britain under the European Convention
of Human Rights, through our Human Rights Act of 1998. And so, the big show stopper at present in areas like
health privacy is the case of I vs. Finland. Ms. I is a nurse in Finland who is HIV positive and she was hounded
out of her job in the hospital because her colleagues could see on the computer systems that she was HIV
positive because she was also a patient at the hospital. She went to the court and she was unsuccessful in
Finland. She went to Strasbourg and the court said she gets compensation because everyone should be able to
restrict their personal health information to the physicians who are directly involved in their care. In other
words, if you can’t get medical care without the records become available to thousands of other doctors, nurses
and civil servants, and thousands of researchers and others, then your privacy has been violated. The terribly
embarrassing thing for the British government is that they have spent millions of pounds on a system that is
light years from complying with this. They always believe that they can use the power of Parliament to make
any problems go away. But they cannot get out of the jurisdiction of the European Court unless they withdraw
from the European Convention on Human Rights, which also mean the Council of Europe, and since the most
recent EU treaty enshrines the European Convention of Human Rights into EU Law, this means they would
have to leave the European Union as well. As a practical matter, I vs. Finland has also become part of the British
constitution. This is something that the government in London finds it very difficult to deal with. They can deal
with the European Union because in the European Council that is for the government ministers to horse trade.
But there is no quid pro quo with the European Court – the judges’ rule, and that is it. Britain is at last acquiring
the same kind of separation of powers that the Americans have through the split of the executive from the
legislature and the judiciary only it is happening in such a way that is never really understood at the time.

3. Do you think the laws in the UK need to be changed to adequately deal with privacy as a political or
economic issue, as opposed to a process?

From a point of view of realistic political economy, you are not going to get a UK government to voluntary give
up a huge amount of administrative discretion. But what happened as a result of the human rights act, is that
human rights law is now trickling down through all sorts of nooks and crannies in the British administration
with all sorts of effects that nobody predicted in the beginning. Privacy is coming under section 8 of ECHR.
There are other things that matter, fair trial for example, where the government’s use of information is
constrained. There has got to be a fair trial between the prosecution and the defense, and there are other
implications such as whether wiretaps can be used in evidence. So that has a secondary effect on privacy, but the
primary effect on privacy is section 8 (of ECHR).

4. Are the issues we encounter with Facebook, Google, etc subsidiary issues then?
It is not entirely clear but Facebook does change the world, very radically. Before that, search changed the
world – Alta Vista, Yahoo, and of course Google has got that market. Back in 1996, I was helping the British
Medical Association and we wanted to find out about some companies who were involved in an IT project with
the government, which we were suspicious of. I found that using Alta Vista, within 5 minutes or so, I could find
all the people who were behind these companies, their shareholdings and other companies, I was also able to do
give a rapid presentation on who was behind pushing a particular position. And before then, only a nation state
could do that with its intelligence agency and network of embassies, and it could not do it efficiently or quickly.
It is huge change and gives power to the individual to find out in terms of transparency what companies and
governments are up to. But it also gives power to everybody else to find out about you. That was very positive
for the individual but with the move to social networking, the individual is I think disadvantaged. People are
under enormous pressure to use Facebook. One of my students put it this way – “all the party invitations at
Cambridge come through Facebook” – so if you are not on Facebook, you wont be invited to any parties, so you
will never meet any girls, you will never have any sex, you will never have any children, and your DNA will die
out and so from a Darwinian view, it is very important to be on Facebook. The Facebook non-member DNA
will be eliminated from Facebook within two generations.

5. Is that one of the most significant things that has happened and had impacted privacy?

It is significant because it is a race to the bottom. People who have got stronger privacy preferences are
basically overruled by social pressure, in that they appear to be odd or weird or something. Perhaps there is a
return to elitism. Curiously enough, Facebook’s initial marketing strategy was initially aimed at elitism. The
important thing here is the network effect, that there are many information goods and services that are almost
like a natural monopoly. You have worked for Microsoft so you know the economics of the platform game.
Microsoft beat Apple because back in 1985, people began to realize that more people were buying IBM PCs
than Macs. So they started developing more software for the IBM PCs, so people bought IBM PCS to use all
the software that would run on it. The same applies for Facebook but the critical thing all your friends are on a
given social network. There is no point going on Bebo if all your friends are on Facebook. In Cambridge where
80
all your friends are on Facebook, it is hard to see how another social network would get traction. But maybe in
the end, Facebook will fail because people’s parents are on Facebook.

6. Has privacy changed in your life?

Oh enormously, the range of things that people are relaxed about talking about has become greater. But then,
the consequences of negative information are in many ways becoming more systemic and more severe. In
Britain, I believe that there is now over 10 million jobs for which some criminal backgrounds check is sought.
This has had pervasive chilling effects. For example, the number of adults who volunteer to do music lessons at
school or to lead Boy Scout groups has gone down. And that is not because people have secret criminal records
that they don’t want to talk about but it just that they say “To hell with it, I can’t be bothered to fill a form and
pay 60 quid and wait for 3 months while a load of bureaucrats pour through my history, to hell with it.” Theresa
May is talking about dismantling it, but I bet she doesn’t because they have the bureaucrats, they have the
systems and they will scream like mad if they are abolished.

They have said that they are making the few IDs cards that they have issued invalid in the near future. But
however the infrastructure that they have built, the national identity register, the inclusion of biometric data in
passports, that I think will continue in some form. We may not be fingerprinted for our passports, and I
certainly hope they will not as I will be very vocal if they decide to do that, but we will get biometric passports
with digitized photographs and the biometric capability will remain.

7. Do you think there is enough debate about privacy and digital technology, the politics and economics
of it?

No it comes up occasionally in the popular print, but the fundamental problem in privacy is something that the
politicians don’t want to touch. And the fundamental problem is that computers allow stuff to scale and privacy
doesn’t scale. The big problem here, and lets use medicine as the example, that if you have a general practice of
20 staff, they might have 10,000 patients. They have records and the staff accesses it. There are risks, but you
live with them. But if you centralize the records then all of the sudden you have got…. They did this in
Scotland they produced something called the Emergency Health Record for all 5 million people, and about
80,000 people in the Scottish Health Service was able to access it. And the first thing that happened, a nosy
doctor went and looked up the records of Gordon Brown, and Alex Salmon, Kirsty Ward and various celebs and
footballers, and people like that. And they caught him and decided not to prosecute him because it would not
be in the public interest. I bet it is too embarrassing. And now they are planning to do the same thing in
England. Both the Conservatives and the Liberal Democrats promise before the election not to do it, and now
that they have formed a coalition, the civil servants are telling them what to think, and they are going to go
ahead with it. There was an outcry and maybe they will review, etc.

Is it a failure of process, or failure of value?

All of the above. There is never any contemplation of system architectures or the likely side effects of particular
ways of automating public services when policy is being made. And the government CIO is not at the table
when this kind of decision is being made. [Ross makes reference to the National Childhood Obesity Database.]
Ministers don’t think of the consequences of their action. Civil servants don’t care about privacy except their
own of course and their families. So it is not joined up.

Is the threat the whole system?

That is why the useful push back on it comes from the European Court, because the European Court is in the
first approximation uncorrupt and unbeatable. It produces a verdict, which is cast in granite for all time. It has
taken something like 15 years for a decent privacy case to come up there since the issue came up in the mid
1990s. It will take another 15 years for the effects to work through the system. But I don’t know of any other
mechanism within our political institutions that can deliver that. Regulators whether it is the information
commissioner or the financial services authority or even the Bank of England inevitable become captured by the
industries that they regulate. Because the industries have skin in the game, they know what is going on, they are
concentrated. Any Chicago school economists will point out that regulation is basically a mugs game – you may
sometimes have to do but you must never expected it will be done well. One of the things you can do in policy
terms is enact a data breach report law, so that at least the breaches can’t be covered up. In America, where they
have done this, it has been a powerful force for good.

81
Interviewee #6: Joe Bonneau (PhD Student, Security Group, University of
Cambridge, former Crytographic Scientist)
Date: June 2010, in person interview.

1. Why is privacy important in the context of digital technology?

There are a couple of trends that are changing the amount of data that is available about people and also trends
that are making it a lot easier to use that data. Obviously, the trends that are increasing the amount of data
shared – people are spending more time online, they are using more interactive services on line to interact with
friends, their location is provided to services – this is essentially everything you do online, computers record
everything by default. So unless people intentionally throw data away, all the time you spend online you are
leaving a trail somewhere of what you have been doing. So that is trend number 1. The second trend is we are
going a lot better at looking at this data. There are companies who have built themselves solely on the problem
of looking at huge data sets. Google is the one everybody knows about but there is an entire ecosystem of
smaller companies that analyze data for specific purposes. Given those two trends, people are generally aware
that more information is being shared but not as aware of the analysis ability. Particularly for the analysis, this is
creating a situation where companies with the capability to analyze big data sets have a huge information
advantage over most people who don’t have the ability to really access all of that data. The analogy I have
heard is data generation is like pollution in the digital world, just sort of this by-product of everything you do is
that you create a data trail that can be analyzed by everyone. I think you are questioning who it is important to –
it is important to everybody. It is a problem that I guess society has to get a handle on, what are the limits or
rules on who can look at what data, just because data is available does it mean it is should always be considered
ethical for groups to analyze it.

The main thing I have done that has been looked at is I researched the social networks and looked at the market
for all of the websites that that do social networking – what are their goals, how do they promote themselves,
how they try to get users to share data, how well they do in terms of protecting user privacy. The interesting
that we found in practice that had already been proposed in laboratories is that there is this very strong privacy
salience effect – that it is very important for all companies especially the social networks not mention privacy,
not even to reassure people. The websites that do a good job in protecting privacy and actually work very hard at
it, don’t really want to come out and say that they are better at privacy than their competition because as soon as
you say privacy, it is a scary word for people and they are less likely to use your services, less likely to share
data with your service. For social networks, even though privacy is something people think they want and if
you ask them “is privacy important” they almost always say yes, when they are actually online, it is not
something they think about unless it is something you put out there for them. A much better strategy for social
networks is to say that this is a really fun place, and you can share information with your friends and see photos
and play games. The study raises some tough questions – if the market will ever correct privacy or offer privacy
because people want it, because it is such a difficult thing to sell to people. I would hope that privacy would be
a seamless thing and people don’t have to think about it and we have strong protections in place. It is not going
to come for free because the default way to build something is for it not to be privacy protecting. In some cases,
this data you can sell it to marketers and advertisers, having people share more data makes your site more
attractive. In some cases, there are low cost things to do but in general privacy is not free. If it difficult to get
people to pay for it, then you will probably keep having the type of systems that we have where there is no built-
in notions of privacy.

2. Do you think the boundaries are shifting between the public and private?

It is very difficult to partition into an engineering problem. It is not about having a public and a private realm.
People actually have tons of realms and they like to keep the realms separate. Sometimes, they have things they
want to be private to a small group or with one other people, or they want to keep private to themselves. To me,
I think of privacy more as giving people the ability to control what information about themselves or about
themselves and other people is shared with other people. If people want to go to the beach and wear a bathing
suit that is very revealing, it is their choice but there is no aspect of privacy involved if chosen to reveal that
information. They are very aware that everyone else there can see it. Whereas if they are changing clothes in
the privacy of their home and somebody is looking into the window, then you have this strong sense that their
privacy has been violated. Since they haven’t chosen to reveal the information in that case. And again, it is still
an over-simplification but I think what’s important for me is that we build the digital world around this notion
that people should be able to control what information they are revealing about themselves and it is very clear
what information they are revealing.

82
The cynical view is that people do have control because they can choose not to use the Internet, not to use their
cell phone in which case they have the golden age of privacy that people are talking about. I don’t think the
case is not to embrace technology as I consider this is not an acceptable solution. The Onion, which is satirical
newspaper, wrote a joke article that Google launches an opt-out village. To the extent that people need to use
the Internet, need to use email and probably need to use social networks, to really stay a member of modern
society, there are a lot of things they have information about. Google is not strongly privacy preserving search
engine; most other companies don’t preserve privacy in a strong way. Most companies web mail providers
now, which also store email in huge central servers. With social networks, the amount of privacy we can
currently get is also not where I would like it to be in the future.

When people ask what is the best thing to do to stay private in Facebook. I basically say that the technical
system is broken to the point that you should assume that anything you share is shared publicly. That’s a
problem people are researching from a number of different angles. They are trying to make it easier for people
to have a simple way to decide who can see what, they are trying to build a strong technical protections so that
information that sits on your computer doesn’t go to other servers, is shared only in encrypted form with only
people you trust, that advertisers only see certain information when serving ads to. These are all problems
people are working on; the current system is very first generation and wasn’t built around the idea that privacy
should be a key feature.
My research does not involve dealing with users very often. I have certainly chatted with people who I don’t
know, not in a research setting, and friends who tell me that they feel a little bit anxious about the whole thing
and they feel like they are losing control and they can’t keep up with how the service is changing, why is this
stuff being shared when it wasn’t shared before. But I am not the right researcher to ask about the experience of
using social networks psychologically just because I don’t deal with large numbers of people in my research.

It is hard to say because we don’t have a long history, even computer science is a relatively young field, so there
has been a number of things we have not been good with in the past, we are not really good at building software
that is usable for people. Perhaps the iPad is a good example of usability. We are not particularly good at
building secure systems – the field of computer security has a pretty patchy track record. I think we will get
there eventually, there are progress made in these fields, and I guess if the question is if you got a bunch of
really smart computer scientists around the world, and said “build this system exactly how way you want it, and
everybody will use it and we will pay for servers to run it”, no doubt we would do better than the current state of
the art. But I think there are still a lot of problems that we have not completely solved. Just the problem of
translating people’s intuitive notions that they have as to who they want to see information about themselves
into rules that a computer can follow and enforce is very difficult. People’s notions of privacy and what
different social spheres and how they want those spheres to interact is extremely complicated and most people
have never tried to write it down or relay it to another person, and in the computer you basically have this
autonomous agent to let other people seeing your vacation photos or not viewing them. You want the computer
to always make the right decision. It is very difficult for people to write down exactly the list of who they want
and circumstances. So to some extent, it is a problem we have not solved from a usability perspective. Maybe
it is not possible to solve, and it is such a complicated thing for people that almost any interface you give them,
they would struggle to express the way they want the world to be.

3. How can we manage privacy in this new environment, and who is threatening it?
There are a few different visions of the future people have. One is the transparent society, and there is a book
written about it, where everybody can see everything about everyone else. I think that is the one people talk
about more often about being the future. I guess people try to extrapolate the trend that more data is available,
and I think eventually, all data will be available. It is unclear how humans will co-exist and exist in a world like
that. I think it is not really a technologist’s job to pick what the future is, or to say that this is necessarily bad or
good. But that in some sense is the easiest one technologically to achieve.

The future that I am more concerned about that I don’t hear people talking about enough is a world where the
world is transparent to some groups who have the power to analyze it, and to deal with the huge amounts of
data, and to most people, they don’t have that advantage. It is sort of an asymmetric transparent society. That
is really more what I am concerned about. A lot of privacy advocates if you drill down they are more worried
about that version of things, they are concerned about systems where governments have access to data that other
people don’t have. And in the Facebook world, it is kind of interesting that in Facebook’s world they have
access to everything and their benevolent protector, and there are some other marketing companies that have
access to a huge amount of user data and analyze it and they are also doing a lot of good things. But Facebook
is very afraid of ordinary users or people that they don’t control or have a relationship with having this user
data. There is a case about six months ago that illustrated this really well, with a guy called Pete Warden who
crawled all over Facebook and gathered most of their data set and said he was going to publish it for other
people to analyze, and I don’t think he had any malicious intent. Facebook sued him and brought all the legal
83
pressure they had to prevent him from doing this. People thought it was hypocritical that they went after this guy
who shared the data when not only are they willing sharing it with some parties but there are also a number of
companies on the website whose entire business is crawling and analyzing Facebook. However, Facebook
haven’t had a problem with these people. There is sort of an understanding that the companies who are crawling
over Facebook will keep a low profile about it. There are a lot of companies that most people have never heard
of, and like I said earlier with this privacy salience, it does not really affect Facebook so much because it doesn’t
concern people, it is not something they have to think about and they will continue to be comfortable sharing
data, and having fun interacting with their friends through Facebook. But if people are aware that the data is
fully public, then they will probably be less willing to use the service. My concern about this asymmetric world
is that people because they don’t really understand the organizations that are able to analyze this data they are
not as inhibited in their behavior, as they would be if they understood the full picture of it.

In some cases, I think in China and Iran, there are nation specific social networks where those countries don’t
have a lot of Facebook users, they have some. The most popular social networks are country specific and they
have a very cosy relationship with the government, they are not directly a government agency. In China, more
people use something called Qi Qi and it has gotten some support from the Chinese government I think, they
have a positive relationship and I certainly they are willing to share data about their users with the Chinese
government. And certainly in Iran with a social network called Klube. So I think that in the future, it is
possible that the government will directly run the social network service and directly spy on people and
“surveil” people directly without having to go through some channel. In terms of the national legal picture,
almost all of the social networks that aren’t specific to one country are based in the US. There is basically no
example of something that has been started in another country that has spread to other country. Facebook,
Myspace, Bebo, Hi Fi, Twitter and all the Google stuff has basically started in the US and spread out from there.
So in some sense, it makes the US law about data protection the dominant law for the world. It doesn’t go as far
as EU law. And I think, and I am not a lawyer but I don’t know how it will resolve, but there are some pressure
from within Europe to regulate the US based providers. They want them to meet a higher standard.

In some specific cases, if you say “build me a system that does X”, people have done that they have tried to deal
with the problem say storing a census of everybody in the UK, where they live, without having any individual
being recognizable by inserting a disturbance in the data. You can define that it shouldn’t be possible to spot an
individual. Then we can say this is how you would store the data, and this is how much less accurate it would
be, to achieve this goal. With a lot of problems you don’t know what the goal is yet. It is not quite ready for a
technical solution. Some of the technical work I have done is to trying to understand what happens with
privacy. It is more of a case by case, with different systems we define how privately we want them to be, what
it would mean for something to be private.

4. Do you think new laws are required to regulate this space?

There are privacy commissioners who want to pass laws that will improve privacy but they suffer from the same
problem it is not clear how that law would be drafted and written. That law can’t really be passed in the current
world because nobody really knows what a law that would fix privacy in social networks would look like.
There are individual problems that can be solved, but it seems like solving the entire mess is far out of our reach.
I think before there will be technical solutions and before there can be laws, there needs to be a better
philosophical understanding of how we want the future to look. There is certainly a lot of people thinking about,
and coming to some consensus of that. A lot of people have come up with different notions of what privacy
should be, the transparent society is one vision of the future, then other people try to define privacy from a
control perspective, or from a protecting different social context perspective, there is a rights based approach to
privacy, some people try to think as privacy purely as an economic problem. In the end, it won’t be really
solved by academics; it will take building systems and having people use them to see what sort norms arise
around them.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

I would say it is Moore’s law, and the feasibility of dealing with personal data, every single person in the planet
by one organization, which didn’t really exist in the 1980s. Moore’s law is storage, and processing and
communication power. The idea that you can basically build a data set, or acquire a data set as large as you
want, you can still analyze it and improves abilities to analyze large datas and better software and algorithms for
doing it. I think that is really the technological breakthrough that is fueling all of these problems.

6. In your experience, how has privacy changed your everyday life?

84
I can’t say that I have had any direct or bad experience with privacy. Maybe it is the age that I am, I felt that I
constantly saw the before and after. Even at the beginning time when I was at high school, cell phones were
rare and they were almost common by the time I left. Social networks when I started as undergrad student at the
university, Facebook was launched when I was a sophomore, and by the time I left, it was ubiquitous
technology. I feel that I have seen the changed first hand. I would not speculate how much they have changed
things. It is hard to speculate how my life would be different if the technology wasn’t there.

85
Interviewee #7: Steven Murdoch (Researcher, Security Group, University of
Cambridge, and member of the TOR project)
Date: June 2010, in person interview.

1. Why is privacy important in the context of digital technology?

I work on two different projects; the first one is on banking security. There, privacy is important because people
don’t want their banking details accessed but it is not as critical as in the other area, which is looking at
anonymous communications and censorship resistance. So I am looking at the TOR system and the systems
around TOR, which are designed to allow people to access the Internet without being tracked. So you might
want to access a web page on some disease that you think you might have but you don’t want somebody who is
monitoring your computer or even on your website to be able to work out that you are suspecting that. It is used
by law enforcement to allow them to access websites, which are being operated by criminals, without the
criminals being able to work out that law enforcement are interested in it. It is used by ordinary people all over
the world. And also, it is being increasingly used by people in areas where there is censorship. China is the big
example of this but almost every country has got some sort of censorship. The Middle East has very heavy
censorship as well. And TOR allows you to access websites, which are prevented from you going to directly
because of government censorship.

It does this through two different mechanisms. The first is a technical one – it hides what website you are going
to and therefore, someone who is monitoring you can’t say you are going to this banned website. The other
thing it does is protect you from being monitored so if you know going to this website is being disapproved of
by your government you can still do it and have a reasonable degree of safety believing that you won’t be able
to be discovered later on as you were the person who went to this website you are a bad person you go to jail.

It is not purely peer-to-peer because in a pure peer-to-peer system we will require everyone who runs this
program also contribute to the network. But if you are a human rights worker running a dial-up modem in
Tehran you don’t want to be routing traffic for someone in America doing bit torrent. You are encouraged to
run a server but if you don’t then you are perfectly omitted from doing so. We are gently pushing people
towards running servers and to contribute to the network, but you are not forced to.

It’s hard to pin down the origin. The project was originally started in the navy research labs in the US by a guy
called Paul Syverson, who was a researcher there (he is still involved). There was an implementation of it
written internally and there was an external one written by a student in Cambridge. Then the Electronic Frontier
Foundation got involved. When EFF stopped funding, then it became a charity. It is registered in the UK. Half
a million people are using it approximately.

2. Do you think the boundaries are shifting between the public and private, and that is why people need
to use such software?

I think TOR and similar software is useful to regain the privacy which was lost when people moved from
normal face-based communications to Internet communications. If you want to read a newspaper, then you can
just go to the newsagent and pick it up. You can wear a hat if you like and nobody will probably recognize you.
But if you access the New York Times website then the New York Times will know who you are, where you
have been and what articles you have been reading, when you last came to the website, what browser you are
using, and all sorts of information about you. So the Internet is very convenient but its inherently loses a lot of
privacy and TOR helps you get that back.

I think that is starting especially in social networks and people are giving a lot more information about
themselves than they previously have done so. To one extent, it is because they can. If you want to broadcast
how old you are then it would be strange to do that with your age on your head. Social networking websites
facilitate that a lot and you can meet people who are into obscure interests and there might only be a hundred
people in the UK and you might find them all. So there are benefits in broadcasting that information. There are
risks so what you say on the Internet will probably stay there forever. This can be embarrassing later on. We
are starting to see the effects of that and it is hard to know where it will go. And there also might be some push
to try to control that. The thing commonly taught to people are don’t put sensitive information on the Internet.
That seems pretty pointless seems they are going to do it anyway. For example, Finland has forbidden
companies from searching people in social networks, employees and prospective employees, because that sort of
policy is necessary to preserve people’s privacy. We might start to see more of that.

86
Rules and conventions have evolved around other areas to allow people to carry out their own lives without
being afraid of certain things happening. So we have a police force to try to prevent people being hit over the
head. Social conventions to say what sort of behavior is acceptable, those sorts of conventions have evolved
over millennia, but there has not been enough time to do that when it comes to the Internet.

3. How do you manage privacy in this new environment, and who is threatening it?

TOR can be used as a double-edged sword. Some people use it to preserve privacy, but others use it for doing
bad things. I am sure there are some examples of people using it to invade people’s privacy. We occasionally
get complaints where someone sent someone a death threat and they investigated and find TOR is being used
and then contact TOR. So another thing that TOR staff do is talk to law enforcement to make sure that the first
time they hear about TOR is not when something bad happens. And we also have law enforcement personnel
who use TOR in their day-to-day work to protect themselves and then we can say this policeman will talk to
another policeman and they learn more about TOR.

Another one is realizing when network surveillance can happen. Occasionally someone sets up a TOR exit node,
that’s the last computer you go through when you are using TOR. They set this up and they monitor the traffic
coming in and out of it. So if you send unencrypted data over this, then this malicious person will capture it.
Then he might go on the web and say we capture x number of passwords through sniffing a TOR exit node.
Then they will say TOR is broken and TOR doesn’t do that. It is actually nothing TOR can technically do to
protect people but this is really an aspect of the weakness of normal Internet communications, which is on
average, your communications are not encrypted. And if you are using TOR on an exit node, then they can sniff
what you are doing. If you are not using TOR, then the people who are in the same area as you using Wi-Fi are
able to work out what you are doing. I think that is not appreciated by that many people. And I think this will
gradually change. Part of it is a technical problem. The ways of doing encrypted networks are fairly rare. So if
you are trying to get access to eduroam there have been so many technical problems trying to rollout the
technology for doing that. If you want to use a hot spot you set up the hot-spot then you can’t get both public
hot-spot and encrypted network traffic. The technical reasons for this are not impossible but the technical
standards don’t support that. And this means that people are moving towards other ways such as VPN.

The threat is fairly diffused, and that’s why people aren’t worried about it. Occasionally, you will find the bad
people who go around sniffing some credit card details. There are the bigger ones who do Wi-Fi scanning.
There is a separate issue of using your access point without authorization – that’s probably over-hyped there are
a small number of cases where bad people have done things at open access points. For example, in the
computer line (?), there has only been one incident in three years since this access point has been set up. I think
it is over-hyped.

This is where a hacker Albert Gonzalez sat outside TGX and cracked their password. Got their password and
got into another system another system and another system. And eventually got into where all their credit cards
were. And created the greatest credit card number breach in the US. The TGX has to pay out a lot of
compensation to the card vendors. There are risks. Gonzalez was a random people sitting outside. TGX were
considered not to have adequately protected their systems. Therefore, they are partially liable for the fraud.

When it starts involving ordinary customers, then I think there is need for laws because customers cannot be
reasonable expected to read and understand a contract that is ten or twenty pages long. That is where laws
should come in, and that is where data protection laws do come in. The Data Protection Directive and Data
Protection Act are reasonably good. The enforcement is not as good as it should be, especially in the UK and it
probably needs some minor updating but I wouldn’t be pushing for new big laws, tweaks in the principles of
data protection are probably adequate. One thing that does need to be changed perhaps not through the law but
in some way is the appreciation of how hard it is to do anonymization because the Data Protection Act basically
says as soon as you anonymize something it is no longer covered. But actually it is pretty easy to de-anonymize
most bits of data. We saw this from the Netflicks data set debacle, where they showed that by combining the
anonymized Netflicks data and the unanonymized Amazon recommendations data, you are able to recover who
like what films. The US is in serious needs for some laws over that. They have much more sparse privacy
protection. There is a privacy law for video rentals and medical records.

4. What do you think from a privacy point of view what are the most significant changes in the last 10 –
20 years?

The last 5 years has been social networks, and particularly social networks trying to make money. When social
networks sell their data to marketers that becomes very big. Because you have now got this perverse incentive
that you are not a user of a social network you are a product you are being sold to marketers and the marketers
are the actual customers of the network. And now you have a conflict of interest that the more privacy you

87
have, the less valuable you are to the social network. So they will try to design the system so that you don’t
give away, oh it’s very hard to restrict them…the most valuable information just can’t restrict…

Over 20 years, probably has to say it is the Internet but it is hard to say which particular aspect of the Internet
affects privacy. In some ways it is an improvement because it does give the ability to meet people pseudo-
anonymously. You can meet people far away and doing business with people far away. It is better to share
sensitive information with a friend or a stranger? On the one hand, your friend knows you and they have the
ability to use it against you. While on the other hand if you share it with a stranger, they don’t really know you
and there is no incentive to do anything with the information. You should share more information with people
you don’t know. This is essentially how TOR works.

Andrew Adams gave a talk at Microsoft Research here on the Japanese view of privacy and that’s what it is.
The people who are far away are allowed to know more sensitive information about you because they can do
nothing with it.

5. In your personal experience, how has privacy changed in your everyday life?

I think when you are talking to friends and family, I am probably somewhere in the middle of the spectrum.
What security people have to do is understand risks. I try to get on with my life without doing so many things
that although are reducing the risk of danger I have to jump through so many hoops that I cant get my work
done. I am on Facebook. I am quite happy that the computer I am working on is on a wireless access point. It
would be nice if encryption was available but there is currently no convenient encryption for wireless
communications through that system…due to standards. I am quite careful about what I put out on Facebook.
But I am less careful than other people I know. There are some people who keep their Facebook completely
locked out and you know nothing about them and you can’t even add them as a friend.

I have got a fairly public persona so I don’t have to be overly concerned about keeping secrets, I can publish my
work online. I have to be careful about what I said, example I was an expert witness on a court case, and I
linked to comments made by Ross Anderson, and my credibility was questioned as a result. I publish my phone
number on Facebook.

88
Interviewee #8: Dr. Gus Hosein (Policy Director, Privacy International)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

One of the issues I think through is what are the things we hold on to, and what are the things we let go off,
when we change “technological frames”. So again, I am an academic in these fields, but let me speak a little bit
un-academically. With the industrial revolution, there are some things that we adopted and some things that we
moved on from. The emergence of workers rights, 1800s – 1900s, and then human rights in the 1940s, we as a
society has changed dramatically over time. Digital technology is that new frame; it could possibly be as
stupidly that or brutally as that, so we are trying to figure out what do we hold on to and what do we let go off. I
don’t think society wants to be Borg-like. I think that people do want to hold onto human values and human
rights. It is just that the pace of technological change does not necessarily acknowledge it all of the time. That’s
why you need groups like mine [Privacy International] to feed into that development process.

2. Do you think the boundaries are shifting between the public and private?

No. Again, do I think or are they? If you want my honest opinion about how the world works now, there is just
too much thinking and too much talking. And so just because we talk about something, just because there is a
blog post, or there is a media campaign on something, doesn’t mean that it is necessarily so. And there are all
these emerging conventional wisdoms that are at a complete dissonance with past hundred years, or past
thousand years, or past ten thousand years, but just because its been talked about for three or four months, it
becomes a “thing” and a new way of doing things. And so, I find it odd that if you asked this question to many
people – things are dramatically changing, people are on Facebook, people are on Twitter, people are doing this
or that – I don’t see how it changes a single thing. I don’t think there is a shift between the public and the
private. I think things are changing but I don’t think there is a shift. There is that line and what is on this side of
the line, and what is on that side of the line certainly is changing. I wouldn’t say even blurring. Some things
may be swapping sides just a little bit but that line is still there, and I think it is strong. It is the innovation thing
– we are putting our toes in the water to see what can cross over, and there is also the episodic nature of it all –
where for a moment there, I want to be public, but for a moment, there is half a billion people who want to be
public, but it is only for a moment. The history of Facebook is only 3 – 5 years. My mom was on Facebook for
about a month, and then she disappeared. But if you have the social commentators and the media commentators
say “oh but look Facebook has 400 million people users so therefore people want to be more open” – it doesn’t
quite work that way. Also, we get to choose how open we want to be even within those [environments] – I am a
Facebook user, I enjoy using Facebook but it doesn’t mean you can put me in the group of people who say
openness is a good thing because Zuckerberg says so. And I clearly believe in the divide between public and
private in the way I live my life whether online at Facebook or whether it is offline, I exhibit that. I would never
have an anti-technology sentiment. I am a technophile. Let me pick up on that point – it is funny how privacy
advocates in the 70s were Luddites, and the Crypto Wars came along, and we showed that some of the brightest
computer scientists in the world were privacy advocates so you cannot put us in that box. But I would say that
in the past three to four months we have been attacked more and more as Luddites all over again. And I am
finding that I have had to defend myself as a computer scientist, as a mathematician, as somebody who knows
technology, to people who claim we are Luddites because we don’t understand the way technology works. I
don’t know but it is a re-emergence of that notion that we just want to throw our shoes at the machine – that is
all we care about. We understand technology as much as it can be understood, we look at innovation as much as
it well as it can be understood; we are excited by this but it doesn’t mean that we throw all caution at the wind.
And just because three innovators in Southern California see something that enable to start a company that has
all these followers, that that’s the work technology works. I understand that technology is a lot more
complicated than just that. The Internet is not just Facebook.

3. How can we manage privacy in this new environment, and who is threatening it?

There are new challenges but I don’t think that the world is a dramatically different place. I don’t think human
beings are dramatically different from five years ago, or ten years ago, or fifty years ago. What pisses me off
the most – I describe the social commentators and the media commentators as people who say this is a new
world. They annoy the hell out of me. But what starts it all off are the companies, the policymakers, the
technology developers who are idiotic in the way they design their things – their toys, their laws, and what not.
But then lead these amateur minds, who are these social commentators and media commentators, that this is a
new world. So the people in Facebook who made the stupid decision to switch things around, and this is not

89
just once this is many times, they don’t think of the ramifications, they piss me off. Google - same thing.
Microsoft - same thing. All these companies - there are these people who do these stupid things that then lead to
something called an application or a product which people use as a black box. And then the commentators say
this is a new world order. There is a commercial interest and they are trying to do their best within that
commercial interest. But it doesn’t mean that either you have privacy or you have commercial interest. You
can still design things smartly – I would like to point to companies who have done that, who are still successful
by putting security in their systems. This entire discussion could have been about information security. In
1990s, we were all saying there is no money in information security. And we are still saying it today – there is
no money in information security – does it mean information security is dead? No it just means that there are a
lot of stupid people out there making stupid decisions and if you want me to point to some particularly stupid
people that the genesis of these stupid problems we are dealing with today. The first policymaker who put a
CCTV up saying this is going to solve crime. It is the same exact thing as some stupid Facebook engineer who
decided to tweak this that way, and all of a sudden – you have the same social commentators who say CCTV
solves all crimes, and Facebook shows that nobody cares about privacy anymore.

4. Do you think new laws are required to regulate this space?

My perfect world for privacy is exactly what we have today. I know privacy inside out. I would say that I am
maybe one of 10,000 people on this planet that understand privacy as well as we do. I don’t want my view of
privacy being dictated to the whole world. I don’t want the European model law to be deployed globally. I
don’t want the American model law to be deployed globally. I don’t want Facebook’s view…I want this rich
fight to occur today and tomorrow and next week and next year. Can you name another human right that has
been discussed as much in the last five or ten years? Free speech isn’t discussed as much as this. When
everybody is thinking about these issues and trying to come up with solutions to these issues, that is an exciting
domain. If we had the legal fix, this would be a boring domain. If we had the technological fix, this would be a
boring domain. I like the fact that there is all this flux and controversy. As a thinker, I would say that I want the
quest for law to continue, I want the quest for technology to continue, I want this mess to continue. As an
advocate, I want clear regulatory intervention, I want a legal framework that everyone understands, I want social
norms, and I want education to take place so that everybody gets it. But that is my job as an advocate to come
up with this stuff. But I am not going to win this fight – never in the history of advocacy has an advocate won
that fight. But the advocates’ voice has to be part of this entire fabric of discussion, which is what makes
privacy so interesting. It points to the nature of anything that is socially interesting. There was a study in the US
which polled high school students about the Bill of Rights, and an alarmingly number may be as much as 40%,
didn’t know what the First Amendment was. If you are not confronted with these issues every single day, you
forget these things. I don’t want to talk about 9/11 or the Bush administration but torture is finally back on the
agenda. Most people haven’t thought about torture since the 1940s. When we think of big bad people doing
bad things – we think of the Nazis – we forget about all the things that have happened since 1945 to 2001. So
we forget about these rights we forget about these issues and they go by the wayside. You can’t say that privacy
has been forgotten. Open up a newspaper today – five privacy stories every single newspaper anywhere in the
world. Might not say privacy but it is a privacy news story. That is what makes a right fascinating. That is what
makes a social issue fascinating. That everyday we are still fighting the war.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

It is an interesting question to ask. I want to stick to that timeframe because it is a timeframe of my existence in
this – me learning how to use the Internet, me trying to form my political identity. The whole privacy
movement started in the sixties and seventies, and kind of withered after that. 1980s was a no-go period but you
have policies in the world, such as the census in Netherlands or ID cards in Australia, there were these episodic
campaigns where people didn’t quite know they were fighting for privacy but they knew they were fighting for
something. The 1990s were when the EFF emerged, ACLU started to pay attention to these issues, EPIC and
this was when PI started in 1990. So I think it was that moment when the human rights organizations, so lets
say the ACLUs and say PI. PI wasn’t founded around the Internet; it was founded around this human dignity,
the ID cards, the census systems, these big systems. And the EFFs and the EPICs, kind of came together say
around 1991 and 1992 with the Computer Freedom and Privacy Conference in the US. All these things started
to happen – people started to set up NGOs, the Clinton administration, exciting time in politics and the fight for
censorship in the US. That moment in 1990 to 1998, that period when there was so much activity in the US
with the policy wars – that was the most important time for privacy. Was there a single thing or moment? I
think that outside of privacy, and outside of technology, our political systems are significantly different today
than they were pre-1990. I am not just saying the fall of the wall. It might just be me having started to watch
these things – basically the late 80s and early 90s that I started to think about these politics, society and all of
these things. But it is the growth of civil society, the growth of governance - I don’t think we spoke about
companies the same way in the 1980s that we talk about in the 1990s. There was AT&T – it wasn’t a sexy
thing. There was BT, non sexy; IBM just a big company. We spoke about companies differently; we spoke

90
about everything differently. But then in the 1990s, something happened. There was a lot more dynamism out
there. PI in 1991-1992, one of the main campaigns we were fighting was Caller ID. We had no idea what was
coming, so something came – everything changed, not just for privacy but for free speech, intellectual property
and not just because of the Internet. I think technology, and saying beyond Internet, database technology,
information technology just blew up in the 1990s, same time as there was globalization, growth of government,
growth of civil society, all of these things happened at the same time. That is what changed privacy more than
anything else - the growth of media – couldn’t get anybody interested in any of these issues before then, but
now, we can trace all that back to sometime between 1990 – 1998. I wish I could say it was all to do with the
Internet. The social and political dynamics we have today I think started in the early 1990s and that included the
Internet as a popular phenomenon, but it was also when policymakers grew a bit more attentive to technology,
when companies and their images started changing - all these actors in this political economy started to change
in the early 1990s and that is the exact same situation we are dealing with today.

6. In your experience, how has privacy changed your everyday life?

It is awkward knowing so much that previously one would decide what you make private or public, what you
would share and what you don’t share, you would make it on a spur of the moment, your loose lips might reveal
something but it wouldn’t necessarily sink ships. But now, I got to think before I post an update on anything. I
got to think before I send an email. Email is less but when you think about Twitter and Facebook. I got to think
– it is not just did I spelled something right, but it is something I want to say publicly to my friends on my list.
Yes we thought about it before but never with that degree of permanence and that ability to yell. A good
example, I got my motorcycle license last year. I wanted to tell some people but didn’t want to tell other people.
I want to share but without the ability to share with discretion, you are always second-guessing yourself and that
is really frustrating. It is a real inhibitor on my autonomy. It is the same thing as knowing a piece of gossip and
not being able to tell people. This is my entire life - I want to be able to tell people what I am doing but I can’t
because the technology does not let you gradate, does mean we are all going to go public. It is a constant
frustration – privacy is a constant frustration – not with privacy as a concept in itself – but how I am as a human
being and how I engage with other human beings, other actors whether in government or industry, it is a
constant source of frustration just having to decide with this specter of permanence and inability to gradate or
establish thresholds. I want to be free, I want to be able to speak loudly and communicate; I am just annoyed
that the mechanisms we have today don’t let me do it the way I want to.

Often using the word privacy hinders discussion – there is nothing else we can call ourselves. As I was saying
with the newspaper articles – every newspaper has a bunch of stories about privacy, doesn’t always have the
word “privacy” in there, because privacy is much more amorphous. When you talking about communication
surveillance by the governments, the Ugandan government just passed its Interception and Communications law
– all the articles of Red Eye does not mention privacy once. They talk about corruption, they talk about
surveillance, they talk about abuse but its not privacy. And so in our workshop last week, I was so amazed all
these people from countries in asia who are interested in privacy when we are told privacy is a western concept,
human rights are a western concept, we should impose our views on others. One of the first questions I ask all
these people who flown in – why are you here, you are supposed to be savages who don’t care about these
things. We went around the table and all of them had to say why there were here. And now that I think about it
based on your question, 25%-40% of them used the word privacy in their explanations. All of them used cases
that we have all experienced. The word might not be universal and it is a “catch all” [phrase]. Even free speech
doesn’t mean the same thing here as in the US – here it means freedom of expression. Autonomy is something I
think everybody understands. Freedom, you immediately ask freedom for whom. Smoking comes up
immediately – I am free to smoke but you are not free to decide whether or not you can get second hand fumes.
Autonomy is a complicated word because it has multiple syllables. People don’t use it often enough, but I think
that is what we really mean. I think privacy and autonomy have a stronger link than most other rights. I think
of autonomy as I am unencumbered with little ropes keeping me down and I am able to move my shoulders in
freedom and all that stuff. I can choose for myself. I definitely take a rights and dignity approach to these
things. That is why sometimes I have a hard time caring about what a company does but I find it highly
offensive when a company tries to say society has changed because of what we are doing, and then all of a
sudden, government ministers say society has changed so we can do as we please. That is why I get particularly
pissed off.

91
Interviewee #9: William Heath (VRM entrepreneur and digital rights activist,
Chair of Open Rights Group)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

I think privacy has become an unhelpful concept, an unhelpful word, to rally around. The reason is a lot of
people who spotted problems or issues early, gathered under the banner of privacy advocates, gets into a whole
dialogue that people have something to hide which is quite unhelpful. I think when you do your life online you
leave a huge digital footprint and that is key to all sorts of aspects of your life. This involves control, power and
value and I think these are more important concepts. If you understanding everything about the situation then
you are in control of it, than the other person doesn’t. And if you are in a relationship where you have all the
information and others don’t, then it does equate to power. Then I think the really important part about personal
data is that there is a value to it, everyone wants to take advantage of the value. Whether it is companies running
their CRM systems or companies like Facebook or Google whose corporate valuation seems to be linked to the
amount of data that “own”. I think the emerging trend is – first of all, the value of the data more rightly belongs
to the data subject, and secondly, when you place it with a data subject, it becomes much more valuable. The
reason is that individuals understand their own beliefs and preferences more deeply and more intuitively than
anyone else. You can’t, as a marketing company, looking through the world with compound eyes, all these
hexagonal pixels as though they were real people; because for the real person, there is a set of beliefs and future
intentions, which are rich and nuanced. If anybody is going to sort out the reality of how somebody wants to be
addressed, or where they live, or why they are associated with different addresses or different people, or why
they want particular services, it is the individual plainly who is going to do it. When the individual is able to do
it, they are able to look into the future, which is something no marketing agency can get at inside your head. If
I was setting about doing my Masters right now, I wouldn’t make it about privacy. I might cover the same
ground but I would call it something different. I would call it dignity, rights, control, power and value in
personal data, because that is what I think is important. I think what will make it change is the economic reality
– is the fact that individually controlled and user data driven is so much more valuable and that it can be
protected legally, and that is what is going to make it a very powerful force whether in marketing, or public
services, or how we administer our lives.

2. Do you think the boundaries are shifting between the public and private?

In very simplistic terms, if you are in a policy debate, I would take about two and a half categories of data. If
you look at public services in the UK and elsewhere, there is immense progress on public data. There freeing up
of public data sets, things about money or maps or statistics. This is government data moving into the public
domain – I am talking about open data, data.gov, data.gov.uk, transparency and the power of information trend.
You can set up things like your mapping and statistics agencies on the basis that they sell data and operation on
a cost-recovery basis, but I think the Internet is a much better platform for giving that data away and creating
new value. This is what the open knowledge foundation, and the newly established panel Tory adminstration
has set up. There is a whole history of public data from Ed May and Tom Steinberg doing a report called “The
Power of Information” through to Tom Watson who was the Cabinet Minister setting up a Power of Information
Task Force, chaired by Richard Allen. Lastly, the government engaging Sir Tim Berners-Lee and having the
Prime Minister Gordon Brown announcing data.gov.uk, so this is a deep culturally change saying that public
data belongs to the public, and we should give out these data sets out there, people will match them up and do
innovative things with them. So category 1 is public data, which should be set free, it should be transparent and
there are benefits and advantages. Category 2 is personal data for which government has been delinquent for the
last decade, the individual needs new tools to enable them to look after personal data better so that trust can
reside in the individual they can realize the value of their personal data. I say two and a half categories because
there is another bit which we need to check very carefully, which is anonymized data. Some companies have
been built on the back of trading in “anonymized” data sets. This idea that you can do research and other things
by stripping out obvious identifiers (you can reference work done by Paul Ohm and others in this area)
anonymized data isn’t really [anonymized]- the re-identification you can do with data is very powerful. What
we thought was three distinct categories in public, private and anonymized looks now more like just two
categories – something which actually is public because you really can’t derive sensitive personal data from it,
and anything else should be really regarded as personal data. So if somebody has cancer and is brilliantly
treated by the NHS, and wishes to share the medical record for research purposes then that is fine. As long as it
is for research purporses, and it is explicitly permissioned with informed consent. If a pharmaceutical company
asks if it can have access to the same data, it is fine for the individual to say Yes but I am going to charge you
for it. I think that is the way it is going to go. I think people makes rather facile observations like since

92
everyone puts data on Facebook, nobody cares about privacy. People do put a vast amount of data on Facebook
but I think it is of a narrow type. We don’t put fundamental data that we need to run our lives – to book our
travel, to measure our finances, etc. Some people do but they would be very ill-advised to. In the general area
of future paradigms of personal data management control and flow, in the UK we have talked a long time about
buyer centric commerce or customer relationships, in the US they talk about vendor management relationships
as an opposite to customer relationships management, at Harvard called Project VRM. I am very persuaded by
the potential of that approach, of introducing the individual into a structured scalable relationship with the
organizations they deal with. I am an entrepreneur, and I have set up two companies, one is called CTRL-Shift
Ltd responding to the need that large organizations are going to have to understand and have the evidence to
make rational decisions about how to evolve into a world where individuals have a structure and control over
their data. Basically, this is empowered customers – control over their information but also an equal say in the
relationship, and giving them explicit control over the messaging and marketing. To give a simple example,
stage 1 the supermarket might choose to spam me about special offers, stage 2 they introduce a regulation which
says you can choose to opt-out of that (guess what more than 60% of customers of large institutions such as
banks, telephone companies have opted out of receiving any marketing messages). If you give the customer
control of the relationship, then the customer can say, “I said I never wanted to hear from you but if you are
doing 40% of French wine and cheeses, that’s fine”. The premise is if you give the individual control over their
personal data and how the personal data is shared in their operational relationships, it allows the individual to
configure their preferences and their messages in a way, which is very helpful to the organization. You need a
technical basis, which is intuitive to individuals to customize their preferences. When you get into it, some
information about people culturally has been public forever – the way you look and your size, the way you are,
and in practice your name and address it is in the phone book. People have a public reputation as well. There is
some information they have to share for statutory reasons or as part of a contract, and that information is shared
between them and the organization. Example if you had an episode of hospitalization, it is unreasonable to ask
the hospital to delete everything to do with that episode because you might sue them. There is information that
sits between you and others, because you have touched others essentially. There is undeniably an inner sphere of
life, a personal domain, which is intimate to people where they experiment and make mistakes, or simply don’t
want to be intruded upon. I think what we haven’t yet worked out is how to support those differences and allow
that culture to replicate itself online. We are at a funny stage where organizations have spent a generation
building systems on their side, which keep records about individuals. I think individuals don’t have anything
structured to compensate – they don’t have a counterpart – and I think this is what urgently needs to be restored.
Individuals need to go online acquiring trust and the ability to prove that they are trustworthy even if it is
pseudonymous, so that they can transact with other people or organizations.

In terms of research into this, the overriding impression that I had is that people are somewhere between
depressed and in denial about what happens to their personal data being out there. People don’t like to think
about the extent of duplication and sharing there is of their data. When they start to think about it, they feel
angry, depressed, overwhelmed. People made it very clear that although when they understand what is
happening to their data it feels entirely wrong to them, one woman memorably said that I had given it out and it
is spreading out like an STD, and other people were visibly jolted or thrown or feeling quite angry when they
were asked to consider what was happening to their personal data out there. They won’t change their behavior
on the back of a large rational argument on better ways to do it. The thing that will make them change is
convenience. So when they find something which is more convenient in their lives - actually putting your data
onto Facebook is pretty convenient – anything else has to be as convenient as that, lets say, because I don’t think
you can make it more convenient. And then as it turns into something they use, then people will become more
reflective about how does it really work, what’s really happening, what’s behind it. With Facebook and Google,
it is inescapable, having provided the convenient services they did, over a matter of time, under the pressure to
deliver shareholder value, the mask slips. And users are suddenly confronted with the fact that the deal isn’t
actually the deal that they were presented with, and that, its like they never really in their hearts permissioned
credit reference agencies to buy and sell this information about them. Yes they applied for a loan, yes because
they wanted the loan they ticked the box, yes legally, the box says you therefore permissioned the bank to share
information about you to credit reference agencies. But you never knew in the past that you really said it was ok
for them to make a profit out of your personal data. When people understand that, they feel differently about it.
The next stage forward needs to be incredibly convenient in delivering real utility and only when people get
them using it, will they really consider it is fundamentally it is more respectful of their position of their data to
put them in a position to control and use their data. I think it is here we are seeing the emergence of data
liberation manifestos. There is a hint of it in both Tory and Labour manifestos in the UK. Three lines saying
that we believe the control in personal data should be restored to the individual. I think the front bench policy it
is quite easy to get commitments on this. I think it is easier to approach it as a matter of political will, than to
say, let’s make a case to the finance director or persuade the CIO. If you are going to involve different
professions, to turn CRM on its head or to open up CRM, into the VRM, to say we should invite our customers
into a trusted structured relationship and actually depend on them for an up-to-date version of the truth, it is
pretty counter-intuitive to our generation of customer relationship managers and marketers, CIOs, so although

93
there is a very strong case that the technology is available, that financially it makes good sense, that is going to
be a really long hard slog. The people, who get it, immediately and intuitively, are the man in the street,
because they are pissed off, the government keeps leaving their personal data on the train. That is the terms
which is most often expressed, people play fast and loose with my data, I don’t feel in control over spam, junk
mail and messaging, it is hard to get what I want, it is a nightmare when I lose my wallet, having to give you this
information over and over again is a real pain. These are very intuitive, obvious, current truths. You put the
proposition in front of people that says – do you ever read privacy policies – No I don’t. Would you prefer
when you submitted personal data that the organization has to sign your privacy policy – of course I would. At
that level, it is intuitive and easy. And therefore, at front bench policy level, politicians are attuned to trying to
keep their thinking in tune with the person on the street. So they can say, it is a no-brainer, of course we should
switch and restore personal data back to the individuals, give them their data back, let them have their own
education records. I think they are right to perceive it as fundamentally the right thing to do, in efficiency terms,
in data logistics terms, in human rights, legal, economy, its plainly an idea whose time has come. [What about
profiles online?] That is your profile with one organization which isn’t linked to your profile with other
organizations, which you may feel is “yours” but the company probably specifically feels it is “theirs”, it is
probably in their terms and conditions. There has been some technical responses to this problem in different
blogs, with OpenID or the ability to use of different services with the same set of log-in credentials, we need to
build on those you have got a really strong log-in or proof of identity that is portable across different services.
Then you need to go to the stage where when you delete your data, it remains deleted. And when you change
your data, it is changed in all of the places where you permissioned it to be changed. Now whether that works
on a subscribed to me basis, you implement the change and it cascades to all the services you want it to, or
whether some people argue that the data should only reside in the data subject, with the individual, and the
organizations that want that data should send executable code to the individual to get what they want. We will
see how these different things will play out. The second enterprise that I have started is a direct response to the
need to create trust on the side of the individual. It is part of the Young Foundation, which is an incubator for
social enterprises. They founded things like the Open University. The foundation is at an extreme in terms of a
sheer high-tech play, it is a sociology background rooted in studies of poverty in the east end of London.
Michael Young is the name behind it, and died six years ago, founded in his lifetime between 60-80 social
enterprises, a good 80% still survive today. He was genius at spotting social needs and creating sustainable
institutions to respond to them. His biggest achievement is the Open University and the Consumer Association,
which his foundation was taken over by Jeff Mulligan who used to be Blair’s head of strategy, ex-IT, who
formed DEMOS the think tank. Michael Young was Jeff’s guru I think and after Michael Young’s death, Jeff
took over the Young Foundation. Jeff expressed concern about many of the state created and controlled ID
architecture, which is the “permissioning hub” of everything we do in our lives. That was a concern I shared – I
was a government IT research entrepreneur. I am a completely signed up member of NO2ID. My concern after
20 years of looking at government was that all the IT that they were doing were going in one direction – it was
all about centralizing, sort of disempowering the individual, taking down barriers to data sharing, and there was
this fallacy that they could create some sort of deep truth about the individual by sharing all the intrusive but
also inaccurate datasets they had across dozens of government departments. So I met up with Ian Henderson
who had a long track record in trying to fix CRM or seeing what next generation of CRM would look like. He
was very involved in Project VRM and also Alan Mitchell who wrote a book “Right Side Out” and founded the
buyer-centric commerce forum. We had a shared view – Jeff’s view was to solve the identity problem, we
needed an identity foundation, a third sector organization where the biometric and identity information would
reside and be trusted. This is not a role for conventional for-profit businesses, nor rightly a role for state. I think
Jeff is right about that. We decided to set up the MyDex community interest company. MyDex is a community
interest company, which is a new specific legal form devised by Jeff and it can be entrepreneurial but it is
regulated in that it has to serve a community purpose, and have a formal statement of community purpose, the
bulk of its profits have to go back to serving that community purpose and it is asset locked. The idea is if we
create through MyDex a platform on which people can have a rich personal data store, can invoke third party
authentication or verification of claims (I have a degree, I have a driving license, I am entitled to live here this is
my name and address, or I am a real person even though this is a pseudonym or the equivalent in real life of the
production of a gas bill, council tax bill that people have done for years) and the ability to do selective
disclosure. For this transaction, I am over 18, here is the money, give me the beer. Or I want to hire a car, here
is the proof of a driving license, here is the insurance, here is the money, give me the car or what do you need;
either one-off or ongoing. So it could be I use Vodafone, I use Amazon until further notice. Whenever you want
to deliver something to me, just ping me and I will give you my up-to-date delivery details. Week after week it
will say blue door number 26. Or one week it will suddenly say yellow door number 28. Miss Jones is entitled
to sign for it here is my digital signature. But it is none of your business whether I am on leave or at work or ill.
Put those three things together – personal data store, the ability to do selective disclosure, the ability to prove or
verify claims with a third party authentication, then you bring the individual into the relationship in a structured
and scalable way. The reality is individuals have to manage their own usernames, passwords, guarantees, serial
numbers, insurance quotes, credit cards – people are spending one and a half weeks a year dealing with
customer services, and a lot of this is repeat nonsensical stuff, not elective decision making. In generic terms,

94
the individual has a huge administrative task of maintaining their personal data; it was always big, it’s just
becoming exponentially larger because of the number of online services they are using and the amount of
information that is generated. If you do e-commerce, you might have printed out a web record of your
transactions, they might have emailed something to you, maybe you made a note of it - everything is in a
different format in a different way. Tesco might have some huge store, which says how much cholesterol you
have or what your sugar intake was, which you might suddenly need to know if you have become a diabetic or
something. I don’t think we are in a position to simplify it. I think we are in a position to give people the tools
to manage it better. If for example Tesco has information, which would allow an analysis of the healthiness of
your eating patterns, that should reside with you, and not with Tesco. And there are a few reasons for that. One
is Tesco may know how many doughnuts they sold you but they don’t know how many doughnuts you bought
from other people. If you are going to start getting added value from mash-ups for example of your health
record, your fitness record and your diet record, that plainly has to be done on your side. You are not going to
say – Tesco please dial up the NHS and provide me with a customized mash-up – only the individual can act as
the point of integration, which is the basis for the added value services. Only the individual can look into the
future and say my needs are about to change dramatically because of a change in circumstances, which I am sort
of planning, and I can foresee, but no one else can tell my past behavior. The reality is the individual has to
manage their lives. Say you are applying for welfare benefits; you have to fill out a form. If you had already
filled out 80% percentage of their fields already, and you had a pre-populated form as a result, that helps you. I
also think if you are in a vulnerable position and you desperately need cash from the state, the present position is
people give away large amounts of personal information because they have no choice. And actually I think
vulnerable people – it’s for them that human right laws and privacy laws are written, because they are the ones
that need protection. Just because your life has got into a difficult state doesn’t mean you should have any
dignity, ability or choice or control, within realism and within the limits of what benefits policy allows, you
should still be in control of your lives as much as possible. And also I think it is rational that people should be
able to model what happens if I stopped taking my benefits, and take this job, and what does it look like. Or if I
wanted to get a job, and I am happy to do a bit of studying, what sort of job can I get now, whhat sort of job can
I get if I did 3 months of study. You can only do that if you have a rich personal data store on your side. What
are my present qualifications and experience, and how can I model that against the jobs that are available. I
would call it “organization centric” - we are absolutely locked in an organizationally centric - there is no other
systematic structure. People have yellow Post-Its, and Excel spreadsheets, and their correspondence files,
people use any manner of solutions to hang on to their…the point I am making is people need tools which help
them, and when those tools conform to standards so that the way people do this because scalable and structured,
then it makes new economic possibilities, both for savings on the government side because they are very
concerned about, and also economic growth to spring up.

3. How can we manage privacy in this new environment, and who is threatening it?

At the moment, there is a predominantly organizationally centric way of looking at things – the organization has
to hold the record for the customer, it is the organization’s job to keep the record up to date, that personal data is
a large part of the organization’s value, they perceive it as rightfully “theirs” – what we need is the emergence of
the joining of that with a person centric model, and for the two to work together in a structured way according to
rules and technical standards which will have to emerge. MyDex is a platform that delivers the personal data
store the ability to get external authentication and verification and the ability to do selective disclosure, so that
entrepreneurial new services can spring up on back of that platform on the side of the individual. At the
moment there are lots of entrepreneurs around saying – I can do person centric health records that you can
manage your own health and do clever things with it; or you can do CVs for contractors so that you can apply
for jobs initially and anonymously and model the job market if you want; or we can provide services that will
allow you to get the best deal from banks and stuff; but all of those, if they are going to move beyond price
comparison website models, they really need personal data to work well. They all face the same challenge –
they have to say to the individual, just trust me and I can do wonderful things – and the individual then says “but
hang on a minute, I trusted Facebook and Facebook screwed me over, so how are you any different?” And then
you are into a sort of a new start up company saying “newco is different because you can trust us” which is
almost in superable. What MyDex says is: “we are social enterprise, we are a community interest company, we
are asset locked, we exist solely to build trust inside the individual, we technology agnostic we use whatever
works, we will build a platform that guarantees the information is only controlled by the user and the data
architecture rules that makes this work will remain a community asset. They can’t ever be sold to Facebook or
Google or Twitter. It is a commercial enterprise, it is entrepreneurial, but it is a community interest company, it
is regulated, not a not-for-profit it can borrow money, it can sell shares, it can pay staff, it can pay interest on
loans. What it can’t do is sell the underlying asset into a company that is not similarly asset locked. It is a fairly
new legal form that is designed to protect things like playing fields or community shops – if a community
invests in a village shop or a playing field, they may well feel that we are happy to do this if it is for the
community but we are not going to do it if it is going to be sold to a property developer. A community interest

95
company does not have to be a charity, it is lightly regulated, it is easy to operate and set up, you can borrow
money, pay stuff, make a profit, but what you can’t do is sell the key asset for something other than the
community purpose or go into an enterprise that is not asset locked. Our view is that a platform that allows
individuals to realize the value of their personal data is absolutely a community asset, that this legal form is
perfect for what needs to underpin the emergence of a person-centric ecosystem. If you are providing really
detailed services about how to manage health conditions or how to get better tax free investments, or how to buy
a car – this is going to need the full energy and inventiveness of the market to drive it back to a range of
services, underneath each of those services, they will want cast-iron guarantees that the data remains with the
users. Or to phrase that carefully, management and control over the data and what is done with the data, resides
with the data subject. And also let says an extension to the data architecture is necessary, and say a health
company comes along and says “we’ve got a new way of managing diabetes but in order to help people do that,
we need to have these new 350 fields”. In the MyDex proposition, that’s fine you can build that in the MyDex
platform as long as those 350 fields, the architecture, is gifted into MyDex community. Because the user might
need to use that data for something else, or they might just not like your service and want to take it away – the
user has to be able to press the delete button and all the data is deleted, the user has to be able to say “I am going
to stop using Diabetes Care and switch to MyDiabetes, and Diabetes Care does not have the data anymore”.
These are principles that are emerging in the data liberation and data independence manifestos. MyDex as a
social enterprise is an institutional response to how you can make that happen. There are lots of other people
doing this – the World Economic Forum had a big event in June about future programs in personal data. They
invited the large telcos, banks and tech companies to that – we think Microsoft’s You Prove is a much more
important technology to watch – this is the blind credentials invented by Stefan Brands, sold to Microsoft about
two and a half years ago – Microsoft are putting it into the Higgins Project. IBM has got some critical
technologies developed by a guy called Jan-Keminish-Zurich. But those technologies haven’t yet prevailed in
the market, not because they are not there, but because of a lack of demand - people aren’t demanding privacy
enhancing technologies because if you just leave it to the organizations to configure the world they want to
create, it suits a lot of them quite well not to have any privacy for people. Then actually what you have is - the
data is shared, trashed and inaccurate and all of us living on toxic soup behaving paranoid and demonstrably in
irrational ways – “they will never find me, I am one in a billion” and next minute they are Googling something.
Or they will say I am never affected by targeted behavioral advertising, and the next they will say it is quite
useful on Amazon when they make recommendations on books and I bought it. The present state is that
disempowered consumers are demonstrably irrational and arguably somewhere between depressed and denial
about how this model works, and actually if they are brought in a trusted and structured relationship, this would
create huge value.

4. Do you think new laws are required to regulate this space?

I think we haven’t worked out how much we can do with existing laws and regulations. For example, if
individuals have a database of their personal details, is that protected by database law? If individuals can enter
into a contract with organization, where that organization has to decide whether to respect their personal data,
you can protect that under contract laws. For example, here is an anonymous request to buy a hybrid SUV, and
if you think you have got something to offer come back, it would come back to me. Then you can proceed to the
next stage - ok four garages, I am going to reveal who I am to you, but you are going to pay me 250 pounds
when I buy from one of you. This is good value for you, garages, because normally you would pay 500 or 600
quid for a qualified lead this is a guaranteed lead because you only need to pay when I actually buy. This kind
of arrangement can be protected by contract law. I think we haven’t yet seen the full force of data protection
law. You can imagine a single button subject access request where you have gone to service such as a bank or
Amazon or Tesco, and you would say “I want all of my purchasing data from Tesco for the last 3 years that you
hold on me”. This is a single button subject access request – you press one button and all the status is going to
come down in a structured digital way straight into my personal data store. At the moment, when you do a
subject access request, it is weeks and weeks, you send them a check and you get 800 pages of photocopy. And
you have to go through it, and on page 350 you find the fake signature and you will that somebody has gone a
mobile phone in your name. So I think existing law, copyright law, contract law, data protection law and to
some extent human rights law (because of the right to a private life) has got quite a long way to go before we
start with new laws. There has been a couple of European rulings, so very few. The issue in the UK has been
our implementation of the Data Protection Act is a very weak version of the European Data Protection
Directive. There is a separate legal process to bring the UK into line with its obligations there. It is pretty thin
on the ground but it is not none. I think the European Court Marper judgment that was a human rights judgment
on DNA. And there was I vs. Finland - about a nurse who had HIV and her health records was visible to others
and she was hounded out of a job. So I think there is a bit of that kind of stuff, there is much more copyright
and contract law. I think that will work, inside the individual, and the benefit to organizations for making this
work that I hope, and I expect that they are willing and voluntarily enter into data-sharing agreement with
individuals. Because at one end, it is a statutory requirement to meet a request for information in certain
circumstances so that is covered, and at the other end, real evidence of purchasing intentions is so valuable that

96
it is worth signing a form. The direct marketing professionals recognize that there is a problem and they are
going to lose their industry unless they switch to a permission basis. I have a lot of sympathy for the privacy
activists. I think they were the first to kind of wake up, make noise and treat this issue seriously. But I actually
think the way forward isn’t - it is not simply through traditional privacy activism – I think there are going to be
new technologies that are going to bring constructive ways of engagement that allow individuals to protect their
personal data in powerful ways which create great value for both individuals and organizations. I expect that the
quote (“privacy is gone, get over it”) is often misunderstood. I have some sympathy with a view that says, we
do now live in a highly transparent society and it is not worth just being angry about that, you’ve got to adapt to
the new reality. It is not the argument I would pick, I would not pick the argument with either side. I would
focus on dignity and human relationships – it is a very “soft” sort of term, very important and a great loss if
overlooked; I would focus on good design, providing services with real empathy, and then I would focus on
power, control and value because I think that is what is at stake.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

Last 20 years – the population of the Internet, Google, Facebook, CCTV and a control freak reaction to the war
on terror.

6. In your experience, how has privacy changed your everyday life?

I think what you have to eliminate is hypocrisy. I think it is important to be comfortable with who you really are.
If you are comfortable with who you really are, then you can be pretty sanguine I think. The more I realize how
irrational the design of most customer facing activity is – call centers, customer services, banking, the more
impatient and annoyed I get with it. That can make me quite bad-tempered in dealing with the call center staff,
even though it is not their fault, it is the fault of the underlying design. I have one mobile phone taken out in
my name and I had to engage expensive City solicitors to get Orange to back down and admit that it wasn’t me
that had taken it out. It is all in the WilliamHealth.net blog. More generally, I feel thoroughly unsympathetic
and quite hostile to being photographed - CCTV cameras photographing my car. I feel that if I was stopped by a
policeman, and they said who am I, I think you should know because they have been filming my car for the last
four hours. With the number of databases, you still can’t work out who I am, what were the hundreds of
millions of pounds spent on. I won’t do a CRB check because I am just not up for it. I have done some
volunteering work and skirted around the issue. But the harmful effect on trust and society, the ISA vetting
processes is not to be underestimated. There is a climate of mutual suspicion that makes me genuinely dislike
organizations that treat me in a sort of overly mechanical and procedural way. That is a wider question than a
privacy question but it is about - the swing of the pendulum is such that there is no trust with the individual at all
and no trust can be achieved in online relationships. I have got a very poor memory, besides I don’t want to live
in a world where you have to remember memorable names, etc. It is like some sort of disability, because it is
very hard to navigate through a lot of processes if you have a very poor memory. The climate of entrepreneurial
risk-taking and technical innovation is peculiarly strong in the Silicon Valley. The particular mix of
authoritarian intrusiveness in the last decade is actually worse in the UK, than in the US. They never suggested
having the ID card in the US, they don’t have an NHS, they never suggested centralization of health records,
they don’t have Data Protection laws in certain ways – it is sort of different. These are global issues with local
manifestations. We should be much more paranoid than they are. We had a lost decade and there are signs that
we are getting back on track now.

97
Interviewee #10: Becky Hogge (UK based music and technology writer, former
executive director of the Open Rights Group)
Date: June 2010, in person interview.

1. Why is privacy important in the context of digital technology?

There are two parts to that question – why is privacy important and what has digital technology got to do with it.
The simplest answer as to why privacy is important is that it underpins human dignity and that really
underwrites every other human right going. Digital technology complicates privacy because in the analog age
say, both paper and people have a way to forget. Paper gets locked away in filing cabinets. References get lost,
paper gets moved or destroyed. With digital technology, you can have perpetual storage of almost everything
that you would intend to store, and also by the way for example that web browsing works things that you might
not even intend to store, end up getting stored perpetually, because the cost of memory begins to be cheaper than
erasing disks and reusing them at the simplest level. And as an adjunct to that, if data is being structured in any
way, querying that data is becoming trivial compared to looking up files to find every person who has a brother
or a sister who is living in a certain district, that could take you a month or a year, but with digital technology
you could have a return on that query very fast.

I was already an adult when a lot of the web technology because popular, mass popularized, like Facebook. I
had the opportunity to get in touch with old friends, people I have not seen for 10 or 15 years. Also, the
qualifications that I gained, my school record, they were all on paper. They are really two ideas – no one really
will have that opportunity again because everyone will be in constant touch, I am the last generation who really
had that opportunity to be so forcefully reunited with my past. Whereas, one can imagine that if you had from
the age of 12 had been listed on a social networking site, even though most of their terms and conditions would
discourage you from doing that, a lot of young people are, you would remain in constant touch with a very wide
audience of people, getting wider. The other thing that I gathered when I was packing away from a shared
house, I had all these paper records – my university essays, my qualifications, my school records, all sort of
photographs from holidays – and they were all there, that was the only place they were, in that box and I had
control over them there. My university, which is just down the road, I recently applied to get a certificate of my
undergraduate degree, they had no record of the essays I had written, that was all handed on paper and handed
back to me. In that sense my past was obscured. Fast-forward one generation behind me that is no longer the
case – things are digitally stored. It is the Cardinal Richelieu thing, it is the potential for just one piece of that
data set taken out of context to incriminate you at some point in the future, that is what is troubling, and
obviously troubling to a lot of people.

I focused on the negatives – the Cardinal Richelieu idea – give me five lines written by the hand of an honest
man, and I will find you something to incriminate him. [The quote is “If you give me six lines written by the
hand of the most honest of men, I will find something in them that will hang him.” Cardinal-Duc de Richelieu:
9-11-1585 to 4-12-1642; a French clergyman, noble, and statesman]. That is probably misquoted, but you know
the one I am referring to. To rest on another negative consequence, which I didn’t get to mention which, is
phenomenon called apophenia – which is seeing patterns where patterns don’t exist i.e. false positives. And
start making assumptions about people that is not only taken out of context but assumptions that have no basis
in reality at all. When you see human rights and civil rights activists get very upset about privacy in a digital
age, it is that sort of practice that they are concerned about.

To ponder on the positive aspects of the 24/7 memories, I have often speculated that as human beings we put up
too many barriers and too many faces to the outside world. All of us have a secret that we don’t want other
people to find out about, whether that’s from our past or whether that is about a relationship in the present or
people that we know. Actually we probably spend a lot of effort covering up and worrying, people tend to think
that the world is more concerned about them then it really is. Maybe if we are in this panopticon, total
disclosure or transparency age, maybe we can relax about who we really are and not put up so many faces. One
of the most interesting examples is in politics – certainly, I have not taken much interest in the politician’s
personal lives. I actually don’t mind if they experiment with drugs in early years that would point them out to
be a normal human being. I really don’t mind if they are having sexual affairs with people, maybe with their
staff that might be a bit dodgy as it may impinge on what they are doing, but if it does not interfere with their
job then it is none of my business. I think that as we get a generation of politicians who will have their past
totally disclosed, that we might start being more honest that we are all fallible and yes we should hold our public
servants to account if they are misallocating resources, it was scandalous, but if they are sleeping with someone
when they are married to someone else, or if they are actually homosexual when they have never come out, who
gives a damn. That is not what the job is, and at the end of the day, we are all in beta, and we should be allowed

98
to make mistakes and learn from our mistakes. That’s how we learn – these perfect political machines that we
believe our MPS to be, never put a foot wrong that is not a natural human being. You think that can’t be true, so
what have you done wrong.

2. Do you think the boundaries are shifting between the private and public?

Everything that I said just now about full transparency might be good for society might imply that we were
going through such a transition. I still think most ordinary people who are posting their holiday snaps and
photos of their wedding on Facebook feel like they are doing that in a relatively private space. Actually a lot of
interaction that is public to a certain extent, especially if you haven’t really worked out your privacy settings on
Facebook, it could be totally public, I do think that people who are doing that are doing so in what they perceive
to be a private realm. I hope that perception will end up winning the day. Even though in a café one can hear
someone else talking about their relationship problems with their best friend, earwig or pitch in to offer their
own advice, social norms will begin to develop hopefully, strengthened by whatever technical measures we can
come up with that work to maintain the idea of a private and a public realm.

If I was Facebook I might argue one thing, and only to strengthen my profits or my business model, I think
Facebook are perpetuating a deception on people. They are saying that their website is a great place for people
to hang out with their friends. But they are very mute on the fact that when you publish stuff on Facebook,
unless you are very “oh-fay” with the settings, you are actually publishing to the web, which we understand up
to now is a public space similar to media. So actually if I was Facebook, I would not get involved in that
argument because it might lift the lid on the deception that I was perpetrating on my users. When you say public
or private, I am guessing what you mean is by public as in available to the public as in shared with a corporation
like Facebook. It is interesting when people do put their wedding snaps up on Facebook, because the business
model of the Princess of Sweden’s wedding on Hello, and your weddings photos on Facebook is exactly the
same, except on a smaller scale.

3. How can we manage privacy in this new environment, and who is threatening it?

First question – what are the consequences? You can answer the question in so many different ways most of it
is speculation. Going back to my very first point – why is privacy important – that it underpins human dignity
and that is the foundation for every human right going, perhaps you will see people being less outspoken, taking
less of a stand. Already there are certain professions, for example the civil service in the UK, where to have
been involved in any political organization beforehand is almost means you can’t join. Ambitious young people
may think they can’t be involved in their local party, they can’t be involved in this issue, or this specific
campaign because it might affect my life chances. And I know that the information will be there that I have
gone on this march or sign this petition, and I have already met people who won’t sign Internet petitions because
they don’t want that information to be…there are petitions of quite reasonable issues. And it is very hard when
you live in Britain, and you have always lived in Britain, to conceive of the consequences of the erosion of
human rights without going to one or two extremes. Either you think it is going to be like Orwell or Kafka, or
this is Britain, and it is fine. The fact that we are the most “surveilled” country in the world people have a hard
time dealing with it because it does not fit with them national identity and so they ignore it. Certainly working
as a civil rights campaigner for a couple years, I found that I was bricked-walled in a lot of person situations,
social situations when I spoke about what I did by people who did not really understand the problem. That is
one consequence and it could be the erosion of the right to anything, it could be erosion of free speech, freedom
of association similarly. If you are worried with location technology that you could be tracked in a particular
way, if you are taking part in - already you will see climate change activists leaving their mobile phones at home
so that they are not tracked. That necessity might put off a number of people who might feel…to what extent it
is about what could be done and about the perception of what has been done. There is a suggestion that location
technologies are already being used.

The vulnerable are the immediately threatened. If you think about some of the last government’s rampant data
collection activities and rampant access to that data – I would not like to be a woman or man fleeing an abusive
relationship, trying to break out from a criminal facility or trying to escape an abusive partner, the fact is that if I
was on any kind state benefit, then any number of council workers could have access to my current address, and
it would just take one payment to a corrupt council official for whoever was pursuing me to find that data. Then
if you want to pursue the fantasy of a sort of an intolerant regime coming into power, all sorts of minority
groups from women who chosen to have abortion, to homosexuals or Jewish, or religious minority. Already if
you are Muslim and living in this country it doesn’t matter what you are doing you would have experience some
kind of prejudice being stopped by the police particularly if you are Muslim and looking like you are Arab.

What’s really interesting about privacy as well is we actually aren’t terribly good guardians of our own privacy.
I am sure in your research you will have come across the studies, which show we will sell for the price of a

99
handbag. Living in a smaller community, the privacy is almost non-existent (they know everything about us just
through observing us because it is so small), but also you will see that the boundaries are set, so for example if I
have got to know people they say explicitly, do come around the back, that is establishing a boundary or
intimacy that we didn’t have in the beginning, don’t be a stranger. They say no one will come in unless they are
invited – the threshold is there. Everyone knows people’s business but when it is talked about it is either done
in hushed tones or not at all, there is still that idea of context and respect that I think is probably the best hope of
securing a modicum of privacy for ourselves. I find the cybernetic aspect of this to be very interesting – the
union of man and machine – because in those aspects we are so different, man and machine. In machine, either
we can do it or we can’t do it and even when we can’t do it, we find a way to tell the machine we can do it, and I
am talking about digital rights management or reverse engineering. It’s either yes or no - one or zero. There is
no context there is no induction in that way. Unless someone has already thought that through, and programmed
the computer in this set of circumstances, to behave this way, it is one of those things that is the hardest to work
out if we are going to not become slaves to the way that machines like to do things. We are just going to just
carry on doing things the way we like to do things, and augment them through the use of machines. Technology
is at its most powerful when we don’t realize it is there, and we don’t realize it is working. I think that a lot of
people have starting to use web technology, like Facebook, without really realizing how that was working.

4. Do you think new laws are required to regulate this space?

Yes I think we do. I think we do have laws – data protection laws and human rights act. Maybe the reason that
the laws have been so ineffective, and they have been ineffective, particularly with something like the
behavioral advertising company Phorm which was clearly in breach of the law from the very beginning, actually
in breach of interception legislation which is linked to privacy but not data protection legislation. I think that
BT is also in breach of the law. I don’t know where the criminal investigation has got to, and I am hoping it has
gone somewhere it has taken a long time. The reason why the law has been ineffective is because it hasn’t
dovetailed with the political agenda, and the political agenda has been about data is power – it is almost 1.0
response to digital technology – it is very naïve, you can see why it has happened in this country. When Tony
Blair got into government, Google hadn’t even registered its domain name. So that one government has had to
cope with this whole new technology, and work out how to deal with it, and of course very close with Bill
Gates, Microsoft who were talking about, saw the way that that happened – it is about centralization, its about a
product, it is about the NHS data spine – for whatever reason, politics have been not favorable to privacy. And
as the mass adoption of the web in particularly through things like social networking and their consequences
come online, maybe we will see the political agenda changing. No matter how great laws are, they need to have
political backing to be ultimately successful. It is very hard and I think it is getting harder just to have the rule
of law stand up for itself. Look at the war in Iraq, look at all these things where government has been able to
hack the system in order to stay just outside the law. We often play with the idea at the Open Rights Group, and
it always won me over, looking at the way health and safety as an issue has been main lined in the commercial
world, and that’s by making board members directly responsible and having them face even prison sentences
particularly fines if they don’t comply with health and safety regulations. Data protection does not have that
teeth at the moment, and I think boards of directors will be most switched on of companies if that was the case.
There is also this news that come out of the US last week from the Office the Management and Budget about
how they propose to protect citizens’ privacy as government becomes more transactional online, as people
intend to debate policy online, which signals at the federal level maybe a bit of intention on privacy in the
United States. When I was working at Open Rights that was exactly the problem I had that I knew the answers
to, but with privacy we have no idea. NO2ID has a very nice concept about “informational privity” which has
something to do with contracts, which on the record I will have to go on now to say that I never really
understood it, but I am sure it is very coherent. Then as a campaigner for open rights group, I didn’t know what
the answer was and it was heavily political and it depends on your view of the state. You could argue that the
European view versus the American approach is about their view on the state. The Americans don’t trust the
state to look after the data, they will look after their own data and this has had positive and negative
consequences for their legislative landscape and the landscape for privacy. In Europe, privacy is huge as an
issue. You will see data protection legislation implemented to the letter in Germany where there is a huge
impetus for citizens to be protected from the large state, everything is done in small districts, there is no central
authority that collects information. A bunch of products and laws, example data retention law, has been found
to breach the right to privacy in their constitutional court. And in England, we have the dual dragon of “its
Europe and they are covering us in red tape” and “we are British and we don’t need and we are very good at
defending our civil liberties”. As an outsider looking at that patchwork [of laws], I have no idea and not
knowing enough about the cultural norms that prevail in those countries, I couldn’t even speak to that. But it
does worry me when I hear about places that I would say, on the spectrum of democracy that is quite low maybe
China, starting a country wide genetics database. Because you think that information is too powerful for the
state to hold, and especially when the state can’t be held accountable for its actions.

100
Interviewee #11: Christine Zaba (UK based journalist and digital rights
campaigner, union liaison officer for NO2ID)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

Because digital technology keeps a record of everything, and therefore, if everything is known about people,
then they no longer have freedom and it narrows down people’s choices.

2. Do you think the boundaries are shifting between the public and private?

People don’t realize that the digital realm is so public. When I started using the Mac LCII, I got hold of a book
called “The Mac is not a Typewriter”, because as a writer I was using it like a typewriter. It was a book written
for all the people who work in offices all over America who had been given computers. They were being made
to use computers in the same way that they had been using typewriters before. So she wrote this genius book
saying there are loads of other things that you can do with a Mac besides using it as a typewriter. It was a great
little book because it was so easy and simple. Most people who write their blogs, their lives and their Facebook
details and all the rest of it really haven’t made the connection that the Mac is not a typewriter. That what they
are doing is not private or not just sent to the people they intend to send it to, there are loads of other people,
millions or billions possibly of other people who could potentially read it, or own that material, it doesn’t belong
to them if it is on Facebook, it belongs to Facebook. All of these things are such difficult things and they are
writing this stuff and giving it away, and they don’t realize that they are giving it away. Hence it is perceived as
private, it is not really public because it is owned by somebody else, who may not be a public body, it may be a
private corporation. That whole area is very complex – it is not simply a public to private or private to public
shift at all. It is about ownership.

3. How can we manage privacy in this new environment, and who is threatening it?

It is a new technology, using the same idea of numbering and cataloging people. It is not a new idea – the census
was in the 19th century – it has been going 200 years. I think it is a consequence of the industrial revolution
where large constituencies of people have moved around the place and the state wants to keep an eye on them,
tell them what to do. And before that there are other ways of organizing the state, which were equally no less
intrusive possibly like being based on your parish, and not being allowed to move out of your parish, and having
to be on the registry in church every Sunday. I am not saying that long ago everything was kind of utopian at
all, I am saying that this is an aspect of the modern age. I think the numbering of huge quantities of people and
the cataloging of them is an aspect of the modern age. So the new technology is being applied to that mission.

Who is the enemy? Anyone who looks – I don’t know – it is a good question. I don’t think it is big brother as
much as Kafka. It is the bureaucracy itself, the bureaucratic machine. There are organizations who work with
victims of identity fraud and identity theft, and if you have experienced that kind of theft, it does devastate your
life. It devastates your life if you are stalked. The police hate Facebook because they are always getting people
who are bullied and stalked and harassed on Facebook. It is already happening but it is not happening to the
extent that it could or may happen. And there is still a chance to stop it, I think.

4. Do you think new laws are required to regulate this space?

Yes I think that is the solution. We need legislation that allows for the ownership of this data and that is what
hopefully the various privacy campaigns are going to be working towards. The Data Protection Act is about
employers having your data. This is not about employers, it is about other things, it needs to be deeper than that.
Our data is ourselves in the “digisphere”, and therefore it needs some legislative protection. And it is very
difficult because every jurisdiction has a different view. They [America] don’t have a data protection act. The
idea in the States is that once the data is there, it belongs to the person who is using it. It’s theirs to use so it is a
very different sense. It is interesting looking at the politics because I think Europe has a very real memory of a
police state, and what that really means in practice and we did after all have fascism on European soil and we
know what that means. And it was the IBM computers that put those people in the cattle thrusts and
concentration camps. So the thought of being listed, named and having your ethnicity listed, and then the
mischief that can be done around that by criminals, malicious people, blackmailers, and so on, is very much
more real I think in Europe than in the States. They don’t have a memory of the police state, it is always
something that happens elsewhere and most American’s don’t travel, it is a bit theoretical, they are not scared. I
think in Britain, in Europe there is a real fear and that’s why Germany is taking Google to court. Germany of all

101
places – it is no accident – Germany is very particular about data privacy. They are outraged and rightly so.
People look to Britain as a sane and fair society. The last 10 years of what has happened in Britain is very
interesting and it would be interesting to know where it all really started.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

There are key things – twenty years ago, the Internet was in its infancy, and this whole business about yourself
online is happening very quickly. Twenty years is a lifetime. It is pre-history in digital terms, twenty years ago.
But I was there so it is interesting we are that generation that crossed that transition, so we are uniquely placed
to comment on it. Because the kids coming up now have always lived with this stuff. In a way, if we don’t
explain no one will, so it’s quite important to be conscious of this and I have given it a lot of thought. Twenty
years ago, there was email but there was no Web. People use email a bit but it was this kind of weird arcane
thing. For me, I noticed a big difference around 1999 when suddenly everyone started to use email in business,
all your work kind of went online. As a writer I was allowed to submit work via email. When I look back at my
Google footprint, the first things that Google picked up that I signed, all unknown, was in 1998. I was one of
the earliest people to use this stuff. So that’s when I kind of date, that’s when it started gathering the
information. As well as that there were the UK crypto wars, so all that happened around the turn of the
millennium. We won that, and that was good. Then we got 2003, Mr. Blunkett started talking about the ID
cards and that was post 9/11. So there are phases and you can trace them. There was another big change around
two years ago, when everybody suddenly started hurtling onto social networking. And now, you have millions
of people around 500 million on Facebook. I joined Facebook a year ago as a trade union activist, because I am
branch chair of Bristol National Union of Journalists until recently, so I took care of 400 journalists. They said
to me lets start a Facebook page. So I said yes. And it has been very interesting what happens in these social
networking spaces. I just signed up to Twitter – that is a very different thing again. There is a real human need
to express yourself, to share, to do all of those complex relationship things that people do, and most Facebook
users even now have no idea that they are not using a typewriter. And I come back to that. It is a key thing –
the computer is not a typewriter. And now we have cloud computing – it that a threat to privacy because
nobody even knows where there blinking data is kept anymore. It’s in the cloud and there is a medieval text
called “The Cloud of Unknowing”. It is the knowledge of God – it is the not knowing what God is – the way to
experience God, a relationship with God, (it says in the text) is to send a sharp shaft of piercing love through the
cloud with faith. I have to say that that’s my feeling of about people are doing with the Internet – it is blind
faith, it is belief in magic. And that’s deeply worrying. They are only machines, it is not god and it is not
magic. And it is not the human spirit. They are only machines and machines are stupid. So we need to really
make that clear. I think there is a massive mission for educating. That’s my answer.

6. In your experience, how has privacy changed your everyday life?

That is really interesting actually – I am aware now that everything I write will remain forever in the legacy that
I leave, even after my death. And it is really difficult to remove that. So as a journalist, everything that I
publish anywhere it runs the risk or has the potential of being put online. Some of it is, weirdly some of it isn’t,
I don’t know how but it seems random. A lot of what I write as a journalist and publish in newspapers on paper
is now put in the electronic sphere. Anyone who says anything about me is also there. That’s the biggest change
really. Because that changes everything about the way people perceive you, it’s about reputation management.
It’s a global reach in a different way, but it can be a local catastrophe in a different way. So there is huge
responsibility if you work in the media, to get it right and to be truthful. And also there is risk – people can
defame and undermine you. I know I heard Max Moseley handle the case of his sex life being exposed in the
News of the World. I saw him on breakfast TV recently and the presenter said to him “why are you
campaigning”? Because he is taking that to Strasbourg – he is trying to arrange a new law, new legal process
where editors if they want to publish something about somebody have to let them known ahead of time that it is
going to happen, to give them a chance to go to court to have it tested and possibly “injuncted”. And he said
editors were up in arms about this because freedom of the press. He said but the point is it invades privacy
because long ago it would have lining in the cut of tradesman’s craft but now, he said there is nowhere I can go
on the globe that if people Google me they won’t find this and it is there forever. I don’t agree with Nazi regalia
and all the rest of it, and I am not sure I agree there isn’t a public interest case for exposing Moseley given that
his family were fascist but you know, it is a huge responsibility on the part of the media to address that thing
that it is permanent. I think that the media are not really addressing that in terms of human rights, ethics and
responsibility. I am a member of the NUJ ethics council – this is something that we really think about and try to
resolve. So far there isn’t really a conclusion – on the one side, you’ve got people clamoring for freedom of the
press, which is quite right you need to freedom to expose wrong doing, but on the other hand, you’ve got
incredible invasion of privacy on a scale never dreamt of before. So what we live in, as the Chinese would say,
interesting times. You have got two opposing waves of real interest and in the middle you’ve got big
corporations and powerful governments who want to own the floor, because knowledge is power and
information is power. And information is capital. In my darker moments, I think that we the human beings are

102
now the product of capital and I really oppose that as an educator, as a mother, as somebody who brings people
into the world, the last thing I want is for the human spirit to be degraded and imprisoned to such an extent that
the actual creative energy that makes us human gets destroyed. Because the essence of creativity is “not
knowing” - it is walking forward not knowing what the ending will be, you follow your instinct. [The irony is
that it has to trump freedom of speech.] It is a massive problem for the whole of humanity. I sometimes feel like
that I am on a beach and there is a breeze coming, and people are think it is a nice breeze but what they don’t
realize is the breeze is the sweep out to the sea that caused the tsunami. I am just knocking on people’s head
and saying turn around look at this, look at what is bearing down. They are just saying to me “shut up”. Your
first question – “who is the enemy” – there is no enemy yet at least not at the moment. I am not alone – it is all
about groups and alliances – as an educator I think it is important to try and explain. If you explain to people
the truth in a simple way, and it is the true thing, then people will understand and it’s ok. I am an optimist.

These days it is a lot easier because you can do research instantly. So I can work wherever I am – I can travel
and still work – it has made my work easier. Of course you cannot trust everything online but nonetheless, it is
a start, it is enormously helpful tool. Journalism itself is leaking through all this, because people are blogging,
there are other alternative forms of media that there weren’t before, so the newspapers are not the great
repositories of truth that they were. But again, newspaper only came into being with the industrial revolution.
The landscape is changing, and as a trade unionist, my concern is to try to preserve people’s income and
livelihoods and expertise because what you have got is this kind of so-called democratization of information,
which really means a terrible noise, no expertise or no trusted sources. So you have got the mob – it’s like a
lynch mob – you’ve got mobs on Facebook, thousands of people all talking rubbish. Even if there’s a hundred
thousand of them, it doesn’t make what they are saying not rubbish. It is the lowest common denominator – and
the other thing is, it is terribly important to remember this, most people in the world can’t read and write. Even
people who have been through state education for twelve years, loads of them could only read and write a bit. If
we are going to have an information source that is purely mediated by words on a screen, you are losing loads of
people, not to mention the millions of people in the United Kingdom who don’t have computers at all or Internet
access. And we are in the recession now, where we are supposed to be cutting everything down instead of
chasing tax avoiders, but whatever the government is saying there is no more public money, so I don’t see that
changing. In fact, I see it polarizing society in a horrible way, with people like yourself and me who have
computers and laptops and the latest gadgets, they are really well-off. Yet you have lots of other people behind
the fence, which is an unstable situation for everybody. As a socialist, as a libertarian, as a trade unionist, that
makes me nervous because I am fine but I am not really fine because if there are loads of people who are
dispossessed and cut off and being used as cattle fodder for the others, it is dangerous for everybody. When a
child is born into the world, we want that world to be a welcoming place. We are creating a really unwelcoming
place – a place full of all the vices, full of greed, full of anger, full of envy, full of hatred because of this. We
have to pull back from being so greedy. I think Tim Berners-Lee, who didn’t patent his invention, was one of
the greatest heroes of the age. I am really sorry that more people have not followed his lead. I am proud he is
British.

103
Interviewee #12: Michael Cross (UK based journalist and regular columnist for
The Guardian and The Telegraph)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

I come at this from a different starting point I think to most of your interviewees when I looked at the people
you talked to. My personal opinion is that privacy is maybe is less of a fundamental human right, it is more of a
contingent right. The importance of technology is that it makes us think about this, it makes us consider what is
the private sphere and what is the private sphere in a way that we haven’t before. And that’s interesting – I am
not an academic I am only a journalist – but my own thoughts are evolving on this and this is largely to do with
technology.

2. Do you think the boundaries are shifting between the public and private?

In history, they clearly have. The modern idea of privacy is…I know we can trace it back to the 17th century in
Europe, the idea that there was a human right to prevent your home being used to build troops, dates back to the
17th century. Obviously before that in feudal times, there is no such thing as privacy. The boundaries have
shifted in the past, and you could argue that possibly in some spheres the pendulum swung too far towards
privacy where you get these absurd examples of data that should be in the public domain should be for the
community use being protected because of privacy, maybe public health and crime examples. You could argue
that maybe the pendulum has swung too far in direction of privacy, and maybe it is time to start swinging it
back. That said, the people that know about this, just today we saw Amazon lifting Facebook data to its
preferences, that is maybe one example of the abuse of privacy. And certainly we see state examples of abuse
of privacy. I think here the problem is that it is one-sided in the case of the state – it applies it in arbitrary ways,
in ways in which there is no comeback from the system, there is no reciprocity. Likewise in the commercial
sphere, you could say most of the customers were being conned if they knew this was happening, they would
probably say no. So that is unfair. It is a complicated one, as you know.

It’s the technology that has made us confront this for a long time. The whole issue of health records has been a
total mess as long as health records have existed. The health record as such goes back to probably Florence
Nightingale in the Crimean War, she was the probably the first to recognize the importance of health
information to improve outcomes in a systematic way. Health institutions started recording information about
their patients; of course doctors have always recorded information about their patients. But then with the
National Health Service, and elsewhere in the world with large health maintenance organizations, you get a
repository of information there that creates its own value. When the NHS was founded, the issue of who owns
this information was fudged. For a long time, it was assumed that it was the person who held the record was the
GP, and the GP was holding it on behalf of the Secretary of State for Health. There was an assumption that this
information belongs to the Secretary of State for Health. This begun to change as far as the 1980s and 1990s
with the idea of personal data protection really rather than privacy, that people had a right to their own
information. So we had the access to health records act, which I forgotten when it dates from, I think it may
have been 1990 which allowed you for the first time, gave you the right, to view your own health record. And
now we are reaching the stage where, because…that was the legal position when the summary healthcare record
program was started. It was started very much by technologists. There was an interesting story about the
influence Microsoft had on Downing Street. The people who launched the program had no idea of the
complexities of the health record. They assumed that an electronic health record was a self-evident good, and it
was a matter of computerizing it and procuring the best technology to do it. They had no idea of the legal,
medical and ethical difficulties associated with it so they went ahead. And they were forced to confront these
issues. And their answer to it was in fact to concede more and more power to the patient. The patient now has
more control over their medical records than they have ever had, since the NHS was founded, over who see its.
There was never any control, any consent when it was in paper form. So the patient now has more control. So
we are now getting to the stage when there is a real issue of the patients opting out of data being reused for
public health and research purposes. It was default opt-in or they signed something they didn’t understand and
it is probably still happening. Because the whole point of medication it is a paternalistic culture. I am a
rationalist as anyone, but when I see a doctor, I want to see a wise old man or woman who tells me I am ok,
maybe cut down on the drinking a bit. Medicine is a cultural business and if you put too much power in the
hands of the patient, you are changing medicine. Maybe it is for the best, maybe it is for the worse, I don’t
know.

104
The point about the summary care record, the technology has changed it because, and this is where I would
agree with Ross Anderson, it is very different from you computerize it, because it lays open the possibility of a
systematic search. When records were on paper, anyone could walk in and look at it but the chance of finding
anything interesting was zero. Whereas, now you can do a systematic search and although you will probably be
caught, at least the log-in you are using will be logged, the damage has been done and the penalty may not be…

3. How can we manage privacy in this new environment, and who is threatening it?

I think it is and it is forcing us to confront these questions that we never had before. And we have to recognize
that privacy is not a total good, it comes with a cost. It is obviously most people’s default position, because it is
a ratchet, once you have given it up, it is very hard to get it back. It is reasonable to default to the side of
protecting it. But I think that puts an onus on organizations to make the case, especially government, for sharing
it. This is one of the other reasons I am interested in this is through the Free Our Data Campaign which we ran
through the Guardian and we have largely won that on the principle on the idea that government data should be
available for re-use. And at the beginning, we said this should not be able personal data, it should be about
meteorological or geographical data. But then you get some situations where you wonder if there is divide or a
blur between the two. Crime reports are the obvious one. I would say that generally, if you are a victim of a
crime, I am sorry but that is a public event. Partly it is my own prejudice as a newspaper reporter in a small
community where everything was public – where death, crime, everyone knew what was going on, and it was
within the community. I lived in Japan for several years, and there again, it is a very different concept of
privacy. They have a very strong sense of personal household; it is a very secret society. But everyone kinds of
knows as soon as you are out of the door, what everyone is doing. I was amazed after a few years, after I got to
speak the language a bit better, and getting to know people, how much people knew about me. It was true that
there were not that many white faces in our neighborhood, but we are public people but everyone was public
people. But you have the system of the neighborhood police box, the “ko-ban”, the policeman would come
around once a year to check who is living in the house. Maybe that is a state authority.

Obviously we have a total information society, we are generating information about ourselves in a process-able
form all the time, walking around…there is no question it is a new environment though possibly it is one that
affects some types of people more than others. I have a ten-year-old daughter and her generation is just total
information, and they have never known anything else. Many some sectors of society, there is still privacy
maybe you are very old or very poor, then you are outside of this revolution. But generally, it is something
unprecedented and it is changing the world. And it is something we need to understand. My suspicion which is
maybe I enjoy making mischief, and I enjoy winding up some of the privacy lobby is that we have gone too far
towards privacy, and we are too precious about it. But they have a point; if you sat me down with Ross
Anderson I would probably agree with everything that he said.

I think we are returning to an age where there is much less privacy unless you really work at it, unless you are a
very privileged person. And in those cases, people are more protective. Again it is something I come up against
as a journalist, I find it much harder, the restrictions on taking photographs. Here it is difficult because most of
the journalism that infringes privacy is absolutely disgraceful and I cannot defend it. But there is a default
position sometimes even in the mundane sort of work that I do, writing about public policy or technology,
sometimes when I start pushing things too hard, people will come back and try the privacy defense on me. I
have particularly with big contractors to government. It is sort of anti-transparency yes. I also have my own
prejudice and professional culture. It is funny when I suggested a couple of years ago that journalists start
publishing a register of interests about the commercial work they do on the side, which a lot of people do, I got a
lot of resistance. We are finally launching that through something called the Media Standards Trust but
journalists in general although they like the idea of intruding into other people’s privacy, they don’t like it [when
it applies to them]. The Media Standards Trust is a foundation that publishes a website that is called
“journalisted”, which has profiles of individual journalists just scraped from the web, so you can look up the
name of a journalist and find out what they write about as long as what or who they write for is publicly
available on the web, obviously there are problems with pay walls and all. They are investigating the whole
question of standards and transparency in the media – it is quite an interesting venture. It is funded by, and I
should declare an interest because I have received some funding from it, a group of foundations, Joseph
Rowntree Trust is one, the usual collection.

4. Do you think new laws are required to regulate this space?

I think we need more understanding, whether it needs more laws I don’t know. It is an easier thing to say, it
needs more debate and more understanding. Clearly there is a spectrum. There is the absolutely private sphere,
which is what goes on inside your head that is private. There is the Article 8 sphere, family life, which is the
household privacy but that is not absolute. The state has the right to break down the door if they think there is

105
something going on. And then there is stuff that is out there for all. One interesting test case, and I am getting a
lot of hate mail about it, I proposed the register of motor vehicles should be open, your car registration. I am old
enough to remember when it was possible if you saw a car park on your street, it was quite rare, you could go to
the London County Council to look up and find out whose car. This would have been back in the 1960s before
it became computerized. The motor vehicle registration was a public document. I would argue that there is a
case that it should be a public document now, partly because so many authorities and commercial firms have
access to it, if they access to it, then the individual should. There are obvious reasons such as if I see a car that
has been broken into on the street, then it gives you the chance to contact the owner. It also gives you the
opportunity to do bad things. If someone cuts you up in traffic, you know where they live. I would argue that the
motor vehicle registration is a public document and we should have access to it. But a lot of people have to say
disagree. I wrote a piece on it for Guardian Comment is Free, and nearly everyone disagreed with me. Because
people argue that it is private information and that they are anonymous in their car. I think that comes as a cost.
I think people drive more badly and kill more people because they think they can get away with it because they
are anonymous in their car. Maybe that is a sphere that can be more public. Obviously, if I park my car outside
a hotel in Brighton, that is a fairly good sign that it is possible to burglar this house. But I am fairly certain that
private investigators, well we know this through the press, they have access through corruption, to this data.
That’s another good point that Ross Anderson would make that there is always a percentage of people who are
corrupt, and you make it unnecessary to have corruption if the data is public anyway by throwing open the
doors. Maybe that is the answer. Another one that I believe in - our tax records should be public. Again this is
controversial – the Guardian doesn’t like it at all. I think an individual’s tax return is a public document. We
are declaring to the state how much tax we are paying, from that is how much we earn and how much we own. I
think that should be a public document, as it is in Norway. I think that would have all sorts of interesting side
effects. For a start, it would make people more honest about what they declare if they are declaring something
that is really out of scale with your lifestyle, people want to know why. So people will get more honest. People
will always look at their neighbors’ tax returns, I assure you they will, just as they look at their neighbors’ house
prices. House prices are now public data [not many people know that, not many people access it]. When it first
happened, there was a rush of people who did it. And the media use it, even with totally unrelated stories,
sometimes in quite an offensive way. Because it is one fact you can easily find out about a household, when
there is some tragedy, you can put in a line “speaking from the door of his 750,000 pound house, he said…” It is
a fact you can put in, and there are not many facts. We need to create this possibility, don’t we, if we are having
a more transparent society. Maybe we should have, and here is another example from history in the early
modern era at the end of the feudal period, everything was public except in certain parts of London, you have
the concept of the liberties. The places that were just outside the city walls – these are the places of the
prostitutes, the bear pits, and they were the places where Boswell and Johnson used to go out to get up to
mischief. They probably get their purse stolen and catch all sorts of diseases while they are out there but these
were geographically private spheres. Many we need to create, and maybe they will happen anyway, maybe we
need to tolerate no-go areas where these things are possible. Maybe some states will make a virtue of this. I
think most people who use the Web leave trails. And there have been all sorts of cases in defamation and
copyright theft, where people have been tracked down. This comes back to the point I made earlier, the
asymmetry – people expect one thing and they get another and this is where we will get a backlash. Maybe we
are starting to see that [there is a backlash and people recoil from it, massive opt-outs of society] with the gated
communities [on the Internet]. That is a healthy sign as long as that is all you are opting out of, but if you are
opting out of society in a broader sense, then that is worrying. I guess it is people who just had one bad
experience, being stalked or getting into trouble at work.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

It has to be the mobile phone – the assumption that we are always contactable and the fact that it is universal –
that has to be the most important. We are only starting to use the geographical information that comes from it. I
think that has to be the most important. I think so. It has changed the mindset and has created huge amounts of
data. It is massively valuable for criminal investigations and fraud – again people give away much more than
they think they are. It has changed society as well, the sense that we are always connected. I am from a
generation where I will turn my mobile phone off; I like to actually have it turned off not just silent. That is
increasingly rare.

6. In your experience, how has privacy changed your everyday life?

I am not sure if I have seen that many – I mean having a family and settling down, I started a family when I was
quite late, that changes everything and to a certain extent you are public property. Most people have keys to
your house and people are always coming and going. Which is something for many years, when I was a single
man, I didn’t have. So it is personal things to do with growing up that have changed for me rather than
technology.

106
I guess social networking has changed it quite a bit. One example I just had a message on Twitter the other day
from someone who reads my Guardian Column and he works in the area I write about. He tweeted – did I see
you on the beach in Broadstairs at the weekend. I said yes. Were you the guy rigging up your dingy, had a
daughter roughly the same age as mine. It turned out not only did he recognize my face, he reads my stuff but
he works in e-government. We go to the same place and we have arranged to get a beer in a couple of weeks. So
that wouldn’t have happened twenty years ago. There are neighbors around here whom I know only through
Facebook and I am on a committee of a neighborhood organization, and most are retired. That has changed [it
was never possible to search based on locality]. It has broadened my circle of friends – it is much easier to
make friends with say, a young woman who lives in Crouch End, as long as it is remote, rather than if I started
stalking young women in bars that would be rather awkward. So it makes it possible to have a wide spectrum of
friends than I would have had. I had a death in my family last year, my brother died suddenly. I actually
announced that on Facebook, and contacted his friends whom I didn’t really know through Facebook. We set
up a Facebook group and organized a memorial event through Facebook. His friends are now kind of my
friends in real life as well as virtually. Using the social network was very valuable for me, dealing on the
emotional level. It really helped. To say that Facebook is a trivial thing, I think they are wrong, it was a very
valuable experience. It was an important experience.

107
Interviewee #13: Martin Moore (Director, Media Standards Trust)
Date: July 2010, in person interview.

1. Why is privacy important in the context of digital technology?

Privacy is important per see, I think. Privacy is one of those things that people find very important to their
status, their character, their home life, their personality, whether it is digital media, wherever it is. I think the
difficulty now is the environment has changed so radically because of digital media. It’s not necessarily that
people’s attitudes towards privacy are changing, but it’s not necessarily that some of the values that underlie
privacy have changed, the application and the ability to intrude upon, and to expose people and their privacy has
changed dramatically thanks to digital media.

I think there are various significant and fundamental questions around this, which had as much to do with
identity as with privacy. If you step back slightly, it is obvious to say that the ease with which one can record,
whether it is video record or audio record or still photograph, and publish to the world, has meant that there are
no limits to the ability of an individual or someone else treating an individual, capturing aspects of their life and
publishing them to the world. It is made that much more complex because so many of us are doing it ourselves.
It is not that there are second or third parties recording things and putting them up against our will. It is that we
are recording ourselves, and putting ourselves out there and publicizing ourselves. And that makes it
tremendously more difficult to establish where the line is between our private lives and our public lives. Not
only where one starts and where one ends, but also who has control and that is when we get to the identity thing,
which is if there is a photograph of you on Flicker which you didn’t take which somebody else took which was
tagged with your name, and then it comes high up on Google and somebody searches by your name, and it
happens to be an extremely embarrassing or offensive or whatever photograph, what rights do you have to take
that down, to remove it, to de-tag it, etc. All of which are pretty unclear and unanswered questions.

2. Do you think the boundaries are shifting between the public and private?

Yes I think the boundaries between public and private are shifting because as I previously mentioned, mainly
from a practical perspective, the ability to record and publish has changed so radically. The difficulty that we
have is that whilst those who have embraced technology and who don’t see private and public as being
fantastically overlapping, and the line is treated much closer to their very closed personal lives; you also have an
awful lot of people who have not necessarily embraced digital technology, and that who and probably still do
have some of the older people who have wider parameters around what they consider to be their private lives.
Whilst they might not publish stuff about themselves online out there, they can’t prevent others from doing so.
It is more difficult to prevent others from doing so. The tension between…there is quite a lot of difficulty
around the differences between certain people’s attitudes towards privacy and other people’s attitudes towards
privacy, and who has control over personal information and what they can do with it.

3. How can we manage privacy in this new environment, and who is threatening it?

It is a new environment I think, and as with any new environment, none of us have really acclimatized ourselves
to what the right or the wrong way to behave in that environment is, and where the boundaries lie, and the
degree to which the boundaries should be self-imposed as opposed to dictated by legal or other forces. We are
already seeing certain boundaries being imposed. Just last month, the significant discussion around Facebook
and its privacy controls and the complexity of those controls, and quite a considerable hoo-ha about what
Facebook was or wasn’t doing with the data and how other people were using it. I think that is a great example
of how in this transitionary period, where people are experimenting and people are trying things out and they are
going too far, and then this leads to quite considerable public debate and often, but not always, leads to change
in case particularly of organizations who are concerned about losing customers.

I think there has to be a significant role for thinking about and talking about and debating the issues, and what
the implications of the issues are, what the implications of the technology are, not just where the lines are
drawn, how one thinks about one’s identity in the next few years. Take one example – it used to be relatively
straightforward that you would take a photograph and in most cases, the rights of the photograph would accrue
to you, the person who took the photograph. But that precedent appears to be gradually shifting such that the
person of whom the photograph was taken has rights to that photograph as well and around the usage of that
image. That is quite a different nature of control and it raises lots of questions around particularly journalism,
which is where the private concern is, what rights the journalist has over a photographer or the content that they

108
produce, as opposed to the people they are taking photos of or talking about, etc. Clearly that has massive
implications for the production, use and distribution, and consumption.

Although I think that what is interesting at the moment is that with organizations like Google, Flicker and
Facebook, many people believe they have control over the information they put on there. If information about
them is published in a newspaper or broadcast on television, then they absolutely recognized that they have lost
control over that information. It is quite clear that the broadcaster or the publisher is using that information and
have control over it. Whereas, particularly in social networks, people believe that they can control their profile,
to control where the information goes. Of course I think that is where the problem is, that is a false idea I think
that they really don’t have much control over it, and they don’t realize how little control over it they have. They
have their rules, which I am sure you would have discovered by talking to Richard Allan, those are clearly
evolving as we speak. I mean Facebook has obviously over the last few months radically changed the rules
surrounding their privacy settings. Google has frequently had to rethink the way in which it publishes
information; it is constantly being challenged whether it is on Google News or whether it is on the right to reply,
etc. They don’t think of themselves [as publishers], neither are they publishers in the old sense, but at the same
time they do exercise an enormous amount of control technically in terms of the nature and parameters by which
they have set around publishing but also in the way that they use your information commercially for advertising.

4. Do you think new laws are required to regulate this space?

We would much rather see self-regulation in the broader sense as much of this stuff as possible, partly for
practical reasons because when you have such a remarkable atomization - a process of production and
distribution and consumption, then trying from a top down level to impose controls is phenomenally difficult.
Partly from a practical level better to have it self-regulating than otherwise but also from a philosophical
standpoint, because the more you get top-down definition of how you should or shouldn’t behave the less you
can maintain differences of perspective on privacy. But clearly, it is going to be virtually impossible for
governments to stay out of legislating around privacy. And we have already seen in this country based on the
Human Rights Act a series of precedents set around privacy and clearly more of that is going to happen. And as
I understand it, more people are being advised to take privacy claims rather than let’s say defamation claims, etc
to court. From a common law basis, we are going to see more boundaries and precedents set around privacy and
its definition. But equally in the case of some of the organizations, Facebook is probably the best example,
which become so significant in people’s lives where people put so much of their identity and the material
aspects of their identity into a system, then things will either go wrong or people will see that they have gone
wrong in such a way they will escalate, and the government will feel it needs to make some public policy
intervention to protect people and their rights surrounding what rights they have over their own identity and
information.

What I mean when I say that at some point governments feel they need to intervene because – let’s say you want
to opt-out from a commercial company like Facebook, and Facebook say they want to hold on to your
information whether you opt-out or not, then it starts to become a legal issue and you start to argue who has
control over an individual’s personal information. And it does overlap with the governments’ own control over
the information but the government legislates around that too – data protection act, etc there are already recent
numbers of laws surrounding the use of personal information by public authorities and commercial companies,
there certainly isn’t a lack of precedent around this. That is a difficult question to answer. It is not a very
enviable position to be in – the ICO does not have a particularly large funding, its responsibility is not very well
defined and equally, we are moving into a world where it is desperately hard to control the collection and
distribution of information.

5. What are the most significant changes to privacy over the last 10 – 20 years in your opinion?

It sounds obvious perhaps but the thing we are still coming to terms with, I guess it is the avatar idea, we will
create parallel virtual versions of ourselves online in the digital universe and that I think in a very broad sense is
a hugely significant change. Because we have always thought of ourselves as the flesh and blood, the material
me, but actually now we are not. We are the material me, and the virtual me. And that distance utterly changes
– if we still try and think of the virtual me as a part of me, then that raises all sorts of really difficult questions
about the control of the virtual me, which I think is a huge step change in terms of identity and privacy and
control. When we are the flesh and blood me, we morph into our environment according to the people that we
are speaking to and according to the circumstances that we are in. It is much more difficult to do that when you
have a fixed space online – of course, we don’t have a fixed space online, we have a Facebook profile, a
LinkedIn profile, a Twitter profile, etc – we have many identities online as well but those are at an arm’s length
they are at a distance, possibly even half a world’s length. The interpretations that people place on those
identities, and the way in which they use that information, we necessarily have less control over. I think it is
part and parcel of the many of the other changes – the aspect, which is central to journalism, is the ability to

109
record, publish and distribute so that anyone can do that. Now that clearly is very wrapped in privacy but it is
also wrapped in a whole bunch of other stuff too. It is the democratization, the self-publishing, that has changed
the role of the journalists. There are more specific questions about privacy that are particular to journalism. The
one I mentioned before, in terms of who has control of which space of information, I think is probably the most
central. We see that when you hear stories of young people committing suicide – it is called a digital death’s
knock. The journalist has to go in and grab things from their Facebook profile, to go into tribute sites and to
take quotes and other things from tribute sites. Those are questions, which are very central to aspects of
journalism and certainly not resolved yet. In the same way that there were publications in the twentieth century
that would behave in certain ways and others that would behave in entirely different ways. I think the same is
happening in the twenty-first, some publications would just make conscious decisions, hopefully make those
decisions transparent, that they will not behave in certain ways, they will not use or misuse information that they
don’t feel is right. Because the particular problem is, it is a numbers game in a way. Most people who put
information online feel that they know - they have a pretty good idea as to who is seeing that information. Either
because it is controlled within their own social network or because they know that there is a number of readers
of their blog. It is when making the step change from that small network to an enormous network at what point
do they lose control of that and should they lose control of that, and have they lost control of information as
soon as they put it in the public domain, or actually, should one draw much clearer lines or not clearer lines but
at least concentric circles around which people’s expectations should be taken into account and respected.

6. In your experience, how has privacy changed your everyday life?

I suppose in a slightly dull sense, the encroachment of work in personal life to the point where the line between
them has virtually disappeared and digital media has essential made it incredibly difficult to draw the line. That
is particularly the case in linguistics – the way you speak to friends as opposed to colleagues as opposed to
people in your social network as opposed to people in your broader work network, it has got to the point where
you just have to have a consistent voice whatever that voice is across networks and it might not be appropriate
for some. But it is impossible to draw the line. To a certain extent, everything has become a conversation.
Whereas there used to be previous forms – there were more formal ways of engaging, there were more ways of
discussion, there were more formal titles, now everything is a conversation. And the language you used reflects
that. One could say that it is a very good thing. It is like an Americanized thing. It is entirely a good thing. It
feels in many cases more authentic because people have less of a front. But having said that, there are benefits
to formality. There are reasons why etiquette and formality has developed, and I don’t think we will need to
recreate the old ones, if not then at least create new ones where they are of genuine benefit. Take an example,
for a transparent society online there is a leveling off, it is very difficult to, particularly in forums of debates and
stuff, to illustrate authority online. We know that some people have greater authority than others. If you asking
a health question about multiple vaccinations – a doctor who has spent 25 years studying and working on
multiple vaccinations knows a lot more than a parent who has a child whose had a multiple vaccination
injection. Online the two will certainly at first glance appear to have extremely similar authority, but actually
one would really like to know the context and would like to know that one has 25 years of experience and
scientific background than the other.

110
Bibliography

Anderson, N. (2010). “The ‘Legal Blackmail’ Business: Inside a P2P-Settlement Factory”. in

The Wired Epicenter.
Anderson, R. and Joseph Rowntree Reform Trust.,. (2009). Database State a Report
Commissioned by the Joseph Rowntree Reform Trust Ltd. York: Joseph Rowntree
Reform Trust.
Arendt, H. (1958). The Human Condition. Chicago: University of Chicago Press.
_____ (2010). “Google Andriod apps found to be sharing data”. in BBC news technology.
Berry D.M. (2008). Copy, Rip, Burn : The Politics of Copyleft and Open Source. London:
Pluto Press.
Berry D.M. (in press, 2010). The Philosophy of Software: Code and Mediation in the Digital
Age. London: Palgrave Macmillion.
Blake H. (2010). “Digital universe to smash 'zettabyte' barrier for first time.” in Daily
Telegraph, London.
Blommaert, J. (2005). Discourse : A Critical Introduction, Cambridge [u.a.],
Cambridge Univ. Press.
Bourdieu, P. (1984). Distinction : a Social Critique of the Judgement of Taste. Cambridge,
Mass.: Harvard UP.
Bourdieu P., Nice R. (2004). Science of Science and Reflexivity. Chicago: University of
Chicago Press.
Bradley T. (2010). “Take Advantage of Increased Time Spent on Social Networking.” in PC
World, PC World Business Center.
Brin, D. (1998). The Transparent Society : Will Technology Force Us to Choose between
Privacy and Freedom? Reading, Mass.: Addison-Wesley.
Bright, P. (2010). “Microsoft investigates hotmail privacy breach” – in Ars Technica Online.
Brodkin, J. (2009). “Facebook halts beacon, gives $9.5M to Settle Lawsuit”. in PC World.
Calhoun, C. J. (1992). Habermas and the Public Sphere. Cambridge, Mass.; London: MIT.
Chadwick, A., Howard, P. N., (2010). Routledge Handbook of Internet Politics. London:
Routledge.
Chapman G. (2010). “YouTube serving up two billion videos daily.” in AFP, San Francisco.
Couldry N. (2000). Inside culture : re-imagining the method of cultural studies. London:
SAGE.

111
Deleuze G. (1998). “Society of Control.” in L'autre Journal.
Deleuze G., Hand S., Foucault M. (2006). Foucault Continuum. London; New York.
DeNora T. (2000). Music in everyday life. Cambridge: Cambridge University Press.
Drahos, P., and Braithwaite, J. (2002). Information Feudalism : Who Owns the Knowledge
Economy? London: Earthscan.
Durham, Meenakshi Gigi and Douglas Kellner. (2006). Media and cultural studies :
keyworks. Malden, MA: Blackwell.
Edelbach, R. D., Winston. M. E., (2006) Society, Ethics, and Technology. Canada: Thomson
Wadsworth.
Efrati, Amir. (2010). “Google Fired Worker After Customer Breach”. in Wall Street Journal
Online, New York.
Eustace (2010) “We’re Sorry”. in Official Google Australia Blog.
_____ (2010). “EU countries probe Google data breach”. in EurActiv Network.
Firth, J. (2010). “In the light of the ACS: Law leak, how safe is our data”. in Guardian
Online Comment is Free, United Kingdom.
Foucault, M. (1977). Discipline and Punish : the Birth of the Prison. New York: Vintage.
Foucault, M. and Rabinow, P. (1984). The Foucault Reader. New York: Pantheon.
FTC. (2010). “Twitter Settles Charges that It Failed To Protect Consumer’s Personal
Information”. in FTC website.
Galloway A.R. (2004). Protocol : how control exists after decentralization. London: MIT
Press, Cambridge (Mass.).
Gandy O.H. (1993). The Panoptic Sort : A Political Economy of Personal Information.
Boulder, Colo: Westview.
Gantz J.F. (2010). “The Digital Universe Decade - Are You Ready?” in IDC Analyze the
Future - Go-To-Market Services, IDC.
Garfinkel, S. (2001) Database Nation : the Death of Privacy in the 21st Century. Cambridge,
Mass.: O'Reilly.
Gohring, N. (2010) “EPIC Files Privacy Complaint Against Google Buzz”. in
Computerworld Online.
Great Britain. Parliament. (2008). House of Commons. Home Affairs Committee.,. A
Surveillance Society? : Fifth Report of Session 2007-08. London: Stationery Office.
Great Britain. Parliament. House of Lords. (2009). Select Committee on the Constitution.,.
Surveillance : Citizens and the State. London: TSO.
Habermas, J. (1974). “The Public Sphere: An Encyclopedia Article (1964)”. In New German
Critique, No. 3 (Autumn, 1974).

112
Habermas, J. (1989). The Structural Transformation of the Public Sphere : an Inquiry into a
Category of Bourgeois Society. Cambridge, Mass.: MIT.
Hahn, L. E. (2000). Perspectives on Habermas. Chicago, Ill.: Open Court.
Halliday, J. (2010). “ACS: Law: The view from the accused and the questions in the courts”.
in The Guardian Technology Blog, United Kingdom.
Hardt M., Negri A. (2000). Empire. Cambridge, Mass: Harvard University Press.
Heidegger, M., Macquarrie J., and Robinson, E. (2006). Being and Time. Oxford: Blackwell.
Holtzman D.H. (2006). Privacy lost : how technology is endangering your privacy. San
Francisco: Jossey-Bass.
Horkheimer, M., and Adorno. T. W. (2002). Dialectic of Enlightenment. Stanford, Calif:
Stanford Univ. Press
Hoskins, A., and O'Loughlin, B. (2010). War and Media : the Emergence of Diffused War.
Cambridge: Polity.
Jameson, F. (1991). Postmodernism, or The Cultural Logic of Late Capitalism. Durham:
Duke UP.
Kaufman E. (1998). Deleuze & Guattari : new mappings in politics, philosophy, and culture.
Minneapolis: Univ. of Minnesota Press.
Kravets, D. (2010). “Facebook Denies “All Wrongdoing” in Wired Online..
ISPreview. (2010). “Regulator Still Investigating ACS Law Over Illegal UK ISP File Sharing
Threat Letters”. in ISPreview, United Kingdom.
Latour, B. (1996). Aramis or the Love of Technology. Cambridge, Mass. [u.a.]: Harvard Univ.
Lister M. (2009). New Media : A Critical Introduction. London: Taylor & Francis.
Locke, J. (2009). Two Treatises on Government : a Translation into Modern English.
Manchester: Industrial Systems Research.
Lucas P. (1999). “The Trillion-Node Network.” in MAYA Design, Inc, Pittsburgh, PA. pp. 7.
MacKenzie D.A., Wajcman J. (2003). The Social Shaping of Technology. Maidenhead: Open
University Press.
Mahaffey, K. (2010) “iPad Breach Update: More Personal Data Was Potentially at Risk”. In
TechCrunch.
Manovich L. (2002). The Language of New Media. Cambridge, Mass: MIT Press.
Mattelart, A. (2003) The Information Society : an Introduction. London; Thousand Oaks,
Calif.: Sage.
May, C. (2002) The Information Society : A Skeptical View. Malden, Mass.: Polity.
McCarthy C. (2010). “Facebook's half-billion milestone is official.” in CNET News, CNET,
New York.

113
McLuhan, M. (1962). The Gutenberg Galaxy; the Making of Typographic Man. Toronto:
University of Toronto.
Mello J.P.J. (2010). “Twitter Reaches 20 Billion Tweets, Today.” in PC World, PC World.
Mosco V. (2009). The political economy of communication. Los Angeles: Sage Publications
Nissenbaum, H. F. (2010). Privacy in Context : Technology, Policy, and the Integrity of
Social Life. Stanford, Calif.: Stanford Law.
____ (2010). “Australia Privacy Commissioner Obtains Privacy Undertakings from Google”.
In Office of the Privacy Commissioner, Australia website.
O'Hara K., Shadbolt N. (2008). The Spy in the Coffee Machine. Oxford: Oneworld.
Polastron L.X., Graham J.E. (2007). Books on fire : the destruction of libraries throughout
history. Rochester, Vt Inner: Traditions.
Reardon, M. (2010). “Skype files for $100 million IPO.” in CNET News, CNET.
Rotenberg, M. (2009). “What’s Privacy in the Age of Facebook”. in The Huffington Post.
Savitz E. (2010). “CTIA: 1 Trillian Net Connected Devices By 2013, Cisco Says.” in
Barrons Tech Trader Daily.
Schneier, B. (2000). Secrets and Lies : Digital Security in a Networked World. New York:
John Wiley.
Sennett, R. (1992). The Fall of the Public Man. London: W. W. Norton.
Silverstone, R. (1999). Why Study the Media? London; Thousand Oaks, [Calif.]: Sage.
Smith, H. J. (1994) Managing Privacy : Information Technology and Corporate America.
Chapel Hill U.a: Univ. of North Carolina.
Smythe, D.W. (1981). Dependency Road : Communications, Capitalism, Consciousness and
Canada. Norwood, N.J.: Ablex Pub.
Singel, R. (2010) “White Hat Uses Foursquare Privacy Hole to Capture 875K Check-Ins” in
Wired Magazine Online.
Stone, B. (2010). “Facebook Sells Your Friends”. in Bloomberg Businessweek, Bloomberg.
Tapscott D. (2008). Grown up digital : How the Net Generation is Changing the World. New
York: McGraw-Hill.
Thierer A.D., Crews C.W., Cato I. (2003). Who Rules the Net? : Internet governance and
jurisdiction. Washington, D.C.: Cato Institute.
Turnbull, I. J., and Canadian Privacy Institute.,. (2009). Privacy in the Workplace. Toronto:
CCH Canadian.
Weightman I. (2010). “Internet Connected Devices About to Pass the 5 Billion Milestone.” in
IMS Research.

114
Whitley, E. A. (2008). Global Challenges for Identity Policies. Basingstoke: Palgrave
Macmillan.
Williams A. (2010). “IBM: A World with 1 Trillion Connected Devices” in ReadWrite
Enterprise.
Winner, L. (1980). "Do Artifacts Have Politics?" Daedalus 109.1: 121-36.
Winner, L. (1991). “Artifacts/Ideas and Political Culture”. Whole Earth Review (Winter).
Wray R. (2010). “Goodbye petabytes, hello zettabytes.” in The Guardian, The Guardian
Online, London.
Wright A. (2007). Glut mastering information through the ages. Washington, D.C.: Joseph
Henry Press.
Zittrain J. (2008). The future of the Internet and how to stop it. New Haven [Conn.]: Yale
University Press.
___ (2010). “Facebook launches new service where users ‘check in’ to locations and let
friends know where they are”. In Daily Mail Online, UK.

115