Tag Archives: privacy

Online security for journalists: never assume you’re secure

image from xkcd

image from xkcd

With news last week of the New York Times and Washington Post being hacked recently, The Muckraker‘s Lyra McKee looks at internet security.

“They were able to hack into the computer and remotely access my Facebook account, printing out a transcript of a private conversation. Then they told me who I’d been talking to over the past week and who was on my contacts list. They’d hacked into my phone. When they first told me they could hack into computers and phones, I didn’t believe them. So they showed me.”

I was sitting at the kitchen table of one of Northern Ireland’s few investigative journalists. He was shaken.

In thirty years of reporting, Colin (not his real name) has seen things that would leave the average person traumatized. A confidante of IRA terrorists, he has shaken hands with assassins and invited them into his home for a chat over a cup of tea – as he had done with me that night.

A few weeks previous, during one visit from a source, the subject of hacking had come up. Continue reading

Advertisements

Leveson: the Internet Pops In

The following post was originally published by Gary Herman on the NUJ New Media blog. It’s reproduced here with permission.

Here at Newmedia Towers we are being swamped by events which at long last are demonstrating that the internet is really rather relevant to the whole debate about media ethics and privacy. So this is by way of a short and somewhat belated survey of the news tsunami – Google, Leveson, Twitter, ACTA, the EU and more.

When Camilla Wright, founder of celebrity gossip site Popbitch (which some years ago broke the news of Victoria Beckham’s pregnancy possibly before she even knew about it), testified before Leveson last week (26 January 2012) [Guardian liveblog; Wright’s official written statement (PDF)] the world found out (if it could be bothered) how Popbitch is used by newspaper hacks to plant stories so that they can then be said to have appeared on the internet. Anyone remember the Drudge report, over a decade ago?

Wright, of course, made a somewhat lame excuse that Popbitch is a counterweight to gossip magazines which are full of stories placed by the PR industry.

But most interesting is the fact that Wright claimed that Popbitch is self-regulated and that it works.

Leveson pronounced that he is not sure there is ‘so much of a difference’ between what Popbitch does and what newspapers do – which is somehow off the point. Popbitch – like other websites – has a global reach by definition and Wright told the Inquiry that Popbitch tries to comply with local laws wherever it was available – claims also made more publicly by Google and Yahoo! when they have in the past given in to Chinese pressure to release data that actually or potentially incriminated users and, more recently, by Twitter when it announced its intention to regulate tweets on a country-by-country basis.

Trivia – like the stuff Popbitch trades – aside, the problem is real. A global medium will cross many jurisdictions and be accessible within many different cultures. What one country welcomes, another may ban. And who should judge the merits of each?

Confusing the internet with its applications

The Arab Spring showed us that social media – like mobile phones, CB radios, fly-posted silkscreen prints, cheap offset litho leaflets and political ballads before them – have the power to mobilise and focus dissent. Twitter’s announcement should have been expected – after all, tweeting was never intended to be part of the revolutionaries’ tool-kit.

There are already alternatives to Twitter – Vibe, Futubra, Plurk, Easy Chirp and Blackberry Messenger, of course – and the technology itself will not be restrained by the need to expand into new markets. People confuse the internet with its applications – a mistake often made by those authorities who seek to impose a duty to police content on those who convey it.

Missing the point again, Leveson asked whether it would be useful to have an external ombudsman to advise Popbitch on stories and observed that a common set of standards across newspapers and websites might also help.

While not dismissing the idea, Wright made the point that the internet made it easy for publications to bypass UK regulators.

This takes us right into the territory of Google, Facebook and the various attempts by US and international authorities to introduce regulation and impose duties on websites themselves to police them.

ACTA, SOPA and PIPA

The latest example is the Anti-Counterfeit Trade Agreement (ACTA) – a shadowy international treaty which, according to Google’s legal director, Daphne Keller, speaking over a year ago, has ‘metastasized’ from a proposal on border security and counterfeit goods to an international legal framework covering copyright and the internet.

According to a draft of ACTA, released for public scrutiny after pressure from the European Union, internet providers who disable access to pirated material and adopt a policy to counter unauthorized ‘transmission of materials protected by copyright’ will be protected against legal action.

Fair use rights would not be guaranteed under the terms of the agreement.

Many civil liberty groups have protested the process by which ACTA has been drafted as anti-democratic and ACTA’s provisions as draconian.

Google’s Keller described ACTA as looking ‘a lot like cultural imperialism’.

Google later became active in the successful fight against the US Stop Online Piracy Act (SOPA) and the related Protect Intellectual Proerty Act (PIPA), which contained similar provisions to ACTA.

Google has been remarkably quite on the Megaupload case, however. This saw the US take extraterritorial action against a Hong Kong-based company operating a number of websites accused of copyright infringement.

The arrest of all Megaupload’s executives and the closure of its sites may have the effect of erasing perfectly legitimate and legal data held on the company’s servers – something which would on the face of it be an infringement of the rights of Megaupload users who own the data.

Privacy

Meanwhile, Google – in its growing battle with Facebook – has announced its intention to introduce a single privacy regime for 60 or so of its websites and services which will allow the company to aggregate all the data on individual users the better to serve ads.

Facebook already does something similar, although the scope of its services is much, much narrower than Google’s.

Privacy is at the heart of the current action against Google by Max Mosley, who wants the company to take down all links to external websites from its search results if those sites cover the events at the heart of his successful libel suit against News International.

Mosley is suing Google in the UK, France and Germany, and Daphne Keller popped up at the Leveson Inquiry, together with David-John Collins, head of corporate communications and public affairs for Google UK, to answer questions about the company’s policies on regulation and privacy.

Once again, the argument regarding different jurisdictions and the difficulty of implementing a global policy was raised by Keller and Collins.

Asked about an on-the-record comment by former Google chief executive, Eric Schmidt, that ‘only miscreants worry about net privacy’, Collins responded that the comment was not representative of Google’s policy on privacy, which it takes ‘extremely seriously’.

There is, of course, an interesting disjuncture between Google’s theoretical view of privacy and its treatment of its users. When it comes to examples like Max Mosley, Google pointed out – quite properly – that it can’t police the internet, that it does operate across jurisdictions and that it does ensure that there are comprehensive if somewhat esoteric mechanisms for removing private data and links from the Google listings and caches.

Yet it argues that, if individuals choose to use Google, whatever data they volunteer to the company is fair game for Google – even where that data involves third persons who may not have assented to their details being known or when, as happened during the process of building Google’s StreetView application, the company collected private data from domestic wi-fi routers without the consent or knowledge of the householders.

Keller and Collins brought their double-act to the UK parliament a few days later when they appeared before the joint committee on privacy and injunctions, chaired by John Whittingdale MP.

When asked why Google did not simply ‘find and destroy’ all instances of the images and video that Max Mosley objected to, they repeated their common mantras – Google is not the internet, and neither can nor should control the websites its search results list.

Accused by committee member Lord MacWhinney of ‘ducking and diving’ and of former culture minister, Ben Bradshaw of being ‘totally unconvincing’, Keller noted that Google could in theory police the sites it indexed, but that ‘doing so is a bad idea’.

No apparatus disinterested and qualified enough

That seems indisputable – regulating the internet should not be the job of providers like Google, Facebook or Twitter. On the contrary, the providers are the ones to be regulated, and this should be the job of legislatures equipped (unlike the Whittingdale committee) with the appropriate level of understanding and coordinated at a global level.

The internet requires global oversight – but we have no apparatus that is disinterested and qualified enough to do the job.

A new front has been opened in this battle by the latest draft rules on data protection issued by Viviane Reding’s Justice Directorate at the European Commission on 25 January.

Reding is no friend of Google or the big social networks and is keen to draw them into a framework of legislation that will – should the rules pass into national legislation – be coordinated at EU level.

Reding’s big ideas include a ‘right to be forgotten’ which will apply to online data only and an extension of the scope of personal data to cover a user’s IP address. Confidentiality should be built-in to online systems according to the new rules – an idea called ‘privacy by design’.

These ideas are already drawing flak from corporates like Google who point out that the ‘right to be forgotten’ is something that the company already upholds as far as the data it holds is concerned.

Reding’s draft rules includes an obligation by so-called ‘data controllers’ such as Google to notify third parties when someone wishes their data to be removed, so that links and copies can also be removed.

Not surprisingly, Google objects to this requirement which, if not exactly a demand to police the internet, is at least a demand to ‘help the police with their enquiries’.

The problem will not go away: how do you make sure that a global medium protects privacy, removes defamation and respects copyright while preserving its potential to empower the oppressed and support freedom of speech everywhere?

Answers on a postcard, please.

Report: Social Media and News

Report: Social Media and NewsLast year I was commissioned to write a report on ‘Social Media and News’ for the Open Society Media Program, as part of the ‘Mapping Digital Media’ series. The report is now available here (PDF).

As I say in the introduction, I focused on “the areas that are most strongly contested and hold the most importance for the development of news reporting”, namely:

  • competition over copyright between individuals, news organisations, and social media platforms;
  • the move to hyperlocal and international-scope publishing;
  • the tensions between privacy and freedom of speech; and
  • attempts by governments and corporations to control what happens online.

These and other developments (such as the growth of APIs which “connect the information that we consume with the information we increasingly embody”) are then explored with specific reference to issues of editorial independence, public interest and public service, pluralism and diversity, accountability, and freedom of expression.

That’s quite a lot to cover in 4,000 words. So for those who want to explore some of the issues or cases in more detail – or follow recent updates (and a lot has happened even since finishing the report) – I’ve been collecting related links at this Delicious ‘stack’, and on an ongoing basis at this tag.

Guest post: visualising mobile phone data – the data retention app

datarentention_app

In a guest post Lorenz Matzat, editor of ZEIT Online’s Open Data Blog, writes about the background to their online app exploring the issues around data retention by mobile phone companies.

It’s not very often that one can follow the direct impact of an article, let alone a piece of data journalism. But the visualization of the cellphone data of Malte Spitz from the Green party in Germany led to visible repercussions in the US.

Following a piece in the New York Times about Spitz and the data app, some days ago two senators wrote a letter to the 4 main US-carriers for information about their data retention policy.

After publishing the app in German one month ago (and 20 days later the English version), the feedback was overhelming. We didn’t think that so many people would be so interested in it. But Twitter and Facebook in Germany went wild with it for some days – along with coverage in many major tech websites.

Probably this is why data journalism works: Making an abstract notion everybody knows about visible: that every position of you, and every connection of your mobile phone does is – or could be – logged. Every call, text message and data connection.

The background

Around February 1st, ZEIT Online asked me if I had an idea what do do with the dataset of Malte Spitz (read the background story about the legal action of Spitz to get the data here). Continue reading

Epic Boobs are fair game, says PCC

Fascinating decision by the Press Complaints Commission today on a privacy complaint against Loaded magazine that involved images of a then-15-year-old girl’s breasts taken from the social network Bebo.

Web User puts it more succinctly than the decision itself, but for publishers it boils down to this: the complaint was rejected because the image had been circulated widely on the internet over the past four years – in fact, the decision says there were over 200,000 matches on an image search on this particular person as the “Epic boobs” girl.

Beehive City puts it this way:

“In other words – if it’s everywhere online, you’ve lost your right to privacy and in the case of the picture taker, perhaps to copyright too. Which is why everybody was last week furiously spreading the David Cameron Shepard Fairey image produced by The Sun, and why perhaps with enough spreading that Bullingdon Photo will be impossible to suppress too.”

What complicates the decision even further is that, while the girl was 15 when the images were published, she is now an adult – and was an adult when Loaded published the images:

“Issues of taste and offence – and any question of the legality of the material – could not be ruled upon by the Commission, which was compelled to consider only the terms of the Editors’ Code. The Code does include references to children but the complainant was not a child at the time the article was published.”

The distinction here is between harming a vulnerable person, and an image of a vulnerable person; or between the thing and the person. Publishing that image now does not harm an unprotected 19-year-old adult; publishing it 4 years ago would have harmed a vulnerable, and therefore protected, 15-year-old. But taking the picture 4 years ago would, I imagine, have constituted exploiting a vulnerable person and someone taking that picture could still be prosecuted now that she is 19.

Still with me?

Also on Press Gazette.

Presentation: Law for bloggers and journalists (UK)

Yesterday I hosted a session on law for my MA Online Journalism students, which I thought I would embed below.

Some background: I teach all my sessions in a coffee shop in central Birmingham – anyone can drop in. This week I specifically invited local bloggers, and so the shape of the presentation was very much flavoured by contributions from The Lichfield Blog‘s Philip John; Nick Booth from Podnosh and BeVocal; Talk About Local‘s Nicky Getgood; Hannah Waldram of the Bournville Village BlogGavin Wray, Matthew Mark, and Mike Rawlins of Stoke’s Pits N Pots. The editor of the Birmingham Post Marc Reeves also came for an hour to share his own experiences in the regional press.

Two things occurred to me during the process of preparation and delivery of the session. The first is that law in this context is much broader: as well as the classic areas for journalists such as defamation, you have to take into account online publishing issues such as terms and conditions, data protection and user generated content.

Secondly, I’ve long been an advocate of conversational teaching styles (one of the reasons I teach in a coffee lounge) and this was a great example of that in practice. The presentation below is just a series of signposts – the actual session lasted 4 hours and included various tangents (some of which I’ve incorporated into this published version). Experiences in the group of students and guests ranged across broadcasting, print, photography, online publishing, academic study, and international law, and I came out of the session having learned a lot too.

I hope you can add some more points, examples, or anything I’ve missed. Here it is:

Review: Search Engine Society by Alexander Halavais

Searching is the most popular activity online after email. It is the prism through which we experience a significant proportion of the world’s information – from news and information about our community, through to health information, commerce, and just about anything that has a presence online.

Search Engine Society takes a critical look at search engines, how they work, the techniques used to manipulate them – from gaining better rankings to censorship, and the implications for privacy and democracy. Continue reading