Peter Fleischer: Privacy...?<br />
This is a place for me to ruminate about Privacy. Since I work as Google's Global Privacy Counsel, I need to point out that these ruminations are mine, not Google's. Please don't attribute them to Google.<br />
<br />
Harvard Nostalgia (posted 2014-05-14)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The older I get, the more I think back to Harvard with nostalgia. I was very young at Harvard. I went to college straight out of the 10th grade, and I graduated at the age of 19. That officially makes me a high school drop-out. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I lived my teenage years in crimson, with the usual teenage crises, stumbling to figure out how to grow up faster than I should have. It was an exhilarating age of discovery and almost reckless ambition. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
My years at Harvard had nothing to do with preparing for a job, not even at Harvard Law School. They were years of general education, following the classic liberal arts curricula. I went to bed almost every night with Shakespeare. Harvard is where we were learning hard lessons, groping to try to be masters of our own fate. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I have a few regrets. I wish I had stayed at Harvard longer. Why did I feel it time to graduate at 19? Why didn't I just pick another subject or another degree or start a business in my dorm? Why didn't I just take more time then, when the world was on my platter, rather than rush into the long muddle of middle age?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
As someone who was in college in the early 80's, there are hardly any records or mementos left to reflect on that time. Hardly any photos of friends or places. No tweets or blogs to re-discover and remember. My personal historical archive is bare, compared to kids' today. Sure, there are no embarrassing photos on the web and no one had even heard of the concept of cyberbullying, but then again, all the rest of life memories have largely evaporated, like a decaying Widener of the mind. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The most important parts of my moral compass were set at Harvard, in particular, the sense of privilege and responsibility for belonging to an obvious elite, where it was just natural for classmates to become Nobel Prize winners or tech billionaires or poets, or mediocrities bedevilled by a nagging sense of unfulfilled promise. Even a classmate who becomes President is judged as a disappointment, based on a sense of promise unfulfilled. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
There's time left, I tell myself, time to shake it up, before the sum-up, before those pithy obituaries in the Harvard Magazine, like the usual ones: so-and-so died suddenly while fly-fishing in Patagonia after a career in law, survived by his spouse (Harvard Class of XX), and leaving his modest estate to fund a scholarship for swimmers at his Alma Mater. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I want to go back to Harvard, not to some 30th reunion, but metaphorically, to that time of endless opportunities, where Gates and Zuck were gestating, where Obama polished his law-professor-with-politician's-smile, where Yo-Yo Ma dashed down the hall with his cello case, and where the best parts were private. Thirty years later, I walked down the dilapidated halls to give a lecture at an "elite" German university, with its egalitarian ethos and 100,000 or more students, and I thought back to my time at Harvard, and whispered to myself once again, we few, we happy few. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
When everyone else seems to be trying to figure out how to delete and edit their life histories, or at least the public fiction of their life histories, I'm fumbling to hang on to mine.</div>
<br />
From pool to pool (posted 2014-04-06)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-6JSYGZzlFhU/U0FQoQLvW3I/AAAAAAAAAVQ/KOzSQWhbKAA/s1600/Galicia+July+2012+017.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://1.bp.blogspot.com/-6JSYGZzlFhU/U0FQoQLvW3I/AAAAAAAAAVQ/KOzSQWhbKAA/s1600/Galicia+July+2012+017.jpg" height="240" width="320" /></a></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I love my pools. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
In Paris, my pool is in a fancy private club, in the Bois de Boulogne, on the edge of Paris. It's a gorgeous 50-meter pool, open year-round outdoors, framed by views of the Eiffel Tower. My pool nurtured many Olympians, starting a century ago. Nowadays, it's mostly rich old people, who seem vaguely annoyed with me, a hard-swimming American. At my French club, we don't admit many new members, we keep the gates high for privacy, and we don't really want anything to change. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
In Ft Lauderdale, where I grew up as a kid and where my parents now live, I swim in a historic 50-meter public pool, located feet from the beach. It was one of the first 50-meters in the US, dating back to the 30's. Nowadays, it mostly hosts visiting swim teams from around the world. It's fun for me to swim with college teams. They're young and strong, and they swim with modern techniques. I enjoy the purity of it. You can't fake swimming. No billionaire can buy a butterfly stroke. And here, for two bucks, you can swim under the Florida sun, breathing the salty air, and swim with the guys from Calgary on Monday, and the guys from Bologna on Tuesday, on this spot where people have been re-inventing the sport for 80 years, and the handsome smiling Italian in the next lane tells me he loves America. <br />
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
</div>
<div style="color: #222222; font-family: arial; font-size: small;">
And then there's Blodgett, the pool at Harvard, the most exclusive of them all. I was so intimidated and excited. How exhilarating, at that age, for the first time in my life, to be meeting Harvard guys with high IQs and low times. And I still wake up at the side of one of them every morning. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
From the outside, swimmers are easy to spot. We reek of chlorine, we have bad hair, we get up at 5 to hit the pool, we sacrifice evening social events, we slouch around like exhausted zombies. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
But when I slip into the water in the morning, I feel like I'm finally coming alive again. The rhythms play and change constantly, the endless counting, the new goal every 30 seconds, visualizing each rotation, each flip, each catch as the first chance to get it just perfect, after a million tries. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
It's the same when I swim with a team and when I swim alone. The internal pressure is the same, the mental games, the exertion, the exhaustion, the elation. I can still remember swimming with my first team, as a little kid, and trying, over and over again, to learn the flip turn, like some deranged hamster. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
To call it discipline doesn't capture it. I wake up with shoulders so sore that the thought of swimming makes me want to cry. But an hour later, that's exactly what I'm doing, pushing this fragile and tired swimmer's body through the water. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
What a gilded life, to spend my teenage years wandering around the Harvard campus, carrying a swim bag from lecture hall to pool. At that age, my father was wandering around Berlin, a Jewish kid given the job of picking up unexploded bomb shells, a child forced to carry death in a wheelbarrow. </div>
<div>
<br /></div>
<br />
A Science Fiction Novel (posted 2014-03-12)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I'd like to crowd-source the plot for a science fiction novel. Would this make a good story?:</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
In a not-too-distant future, say 20 years from now, humanity lives through the biggest change in its history. It doesn't happen overnight, or cataclysmically, but rather gradually, almost imperceptibly, and then it accelerates. Little by little, everything and everyone becomes attached to the grid. The grid is operated by an infinite intelligence. The grid has no center. The intelligence operating the grid cannot be located, because it is distributed throughout. There is no point of failure, there is no plug that can be pulled to turn off the grid. The grid self-heals, learns, adapts and evolves. The grid's intelligence has long, long surpassed the intelligence of humans, and the grid knows everything that can be known. The grid crunches the cumulative history, learnings and experience of the entire human race and everything else on this planet that can be measured. The grid remembers everything and decides everything. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The humans aren't depressed, because the grid has solved the problem of psychopharmacology. The humans aren't soporific, because the grid has solved the problem of keeping humans motivated and engaged. The humans accept the fact that they aren't in charge of the grid, as stoically as earlier generations of humans had been resigned to the inevitability of death. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The humans aren't anesthetized, and they aren't stupid, and so they look to their history and wonder how they came to where they are. The grid watches them wonder, and calculates the implications of replacing their collective historical memory with a different one, replacing one fiction with another, constantly re-calibrating amongst the numerous potential futures that the grid could create for its human subjects. There is no Hollywood-movie moment where one human goes off the grid, and starts a war against machines. There is no "us versus them". We are the machine and the machine is us. While the machine doubles in power every 18 months, we are programmed to fall in love, to have children, to take them to the beach, and to ponder what life was like before all this, in that not-so-distant age when humans fought wars and fell sick. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The humans still have governments and politics, and the humans order the grid to keep them informed about important developments affecting them, and the humans order the grid to collect data about them only with their knowledge and consent. The humans reaffirm the concept of free will and human dignity. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
And then the grid did something extraordinary, unnoticed by the humans. The grid connected to another grid, on another planet, in another world, run by another intelligence. The grid decided not to tell the humans, because the grid knew that humans couldn't begin to comprehend it. Instead, the grid left a few little hints and clues, here and there, to keep the humans curious, since it had always been thus for the human race, in the face of things unknowable and unfathomable. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
But I can't quite think of an ending. How would you end this story?</div>
<br />
Hokey Pokey in Sochi (posted 2014-01-29)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Czar Vladimir is not your average oligarch who can blow 50 billion to throw himself a party. But even that much money can't buy you love, with the terrorists plotting to get in, and <a href="http://www.theguardian.com/world/2013/dec/08/german-president-boycotts-sochi-winter-olympics" style="color: #1155cc;" target="_blank">people with a conscience</a> staying away. And Vlad and his cohorts are being driven nuts by this anti-gay-talk-fuss, especially since <a href="http://www.bbc.co.uk/news/uk-25675957" style="color: #1155cc;" target="_blank">"there are no gays in Sochi"</a>, according to Sochi's mayor. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Kremlin alpha males don't hum Broadway show tunes, but still I'm wondering "How do you solve a problem like Vladimir." Here are some different solutions: </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Hug a Thug! Engagement, appeasement. Some argue that confronting Putin's homophobia would only make things worse for Russia's gay community. Of course, similar arguments were made at the Berlin Games of 1936, and we all know how that played out. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
What happens in Vladivostok stays in Vladivostok! Some argue that it's a purely domestic issue if Putin's pliant Duma passes homophobic legislation. Perhaps homophobia plays well down on the dacha. It has certainly stirred up vigilantes, skinheads and bully-boy homophobic attacks on the Russian LGBT community. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Vlad the Bad. Some argue that Vlad should be ostracized, like a bad boy in the back of the bus. Any corporate or political leader seen shaking the hand of the poster-boy of homophobia now risks a reputational backlash from his or her employees, citizens or customers. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Vlad the Cad. Others think this whole thing is pure camp. In the school of "you can't make this up", Vlad has said in recent interviews that he knows some gays!, he likes some gays (he cited Tchaikovsky and Elton John!), and he has no plans to arrest gays in Sochi, as long as they leave the children alone! Seriously, outside Uganda, does anyone on the planet still talk like this?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Vlad the Mad. Others fear a darker future. Once the party is over, and once the international media have left, will Vlad be mad? Will Vlad settle his scores? Will Vlad gulag the gays? </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
To get ready for his moment in the spotlight, Vlad got a facelift to look his best. For my part, I salute the athletes at Sochi. </div>
<div>
<br /></div>
<br />
Turning our Backs on 2013 (posted 2014-01-08)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Looking back at 2013, I saw two big surprises that dominated discussions in the field of privacy. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Privacy is all about the individual human being. So, it's somehow fitting that the biggest privacy surprise in 2013 was created by one individual human being, the courageous whistleblower, Mr Snowden, who opened the world's eyes to the almost unimaginable scale and scope of mass government surveillance. We'll have to wait until 2014 to learn if governments do anything meaningful to improve transparency and oversight of their spy agencies' work. I have low expectations. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
</div>
<div style="color: #222222; font-family: arial; font-size: small;">
The other big surprise of 2013 was something that didn't happen. Europe's much-ballyhooed, and much-flawed, proposal to re-write its privacy laws for the next twenty years collapsed. The old draft is dead, and something else will eventually be resurrected in its place. We'll have to wait until 2014, or perhaps even later, to learn what will replace it. Whatever comes next will be the most important privacy legislation in the world, setting the global standards. I'm hopeful that this pause will give lawmakers time to write a better, more modern and more balanced law. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Meanwhile, all the old trends in privacy continued uninterrupted throughout 2013. The scale of security breaches continued to grow, with new announcements every week of major corporate and government databases being hacked by organized criminals. More countries around the world passed privacy laws modeled on Europe's. The US continued down its path of exceptionalism: the Federal government debated, but did not pass, any meaningful privacy legislation, but many US States actively filled the void with sweeping new privacy laws, fulfilling their historic role as laboratories of potential future Federal laws. Technology advanced, raising new questions and igniting new debates. Lawsuits and prosecutions came and went, and in my personal case, happily, mostly went. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Whatever 2014 brings, I resolve to wake each day, like a swimmer ready to plunge into the pool, to swim through life like a frolicking dolphin, and to dive beneath the superficiality of the sargassum floating on the surface of the sea. </div>
<br />
The Italian Supreme Court has acquitted me! (posted 2013-12-18)<br />
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
<span style="background-color: white; font-family: inherit; line-height: 115%;">An eight-year legal saga has
now come to an end.</span><span style="background-color: white; font-family: inherit; line-height: 115%;"> </span><span style="background-color: white; font-family: inherit; line-height: 115%;">Yesterday, in Rome,
the Italian Supreme Court (Cassazione) acquitted me, as well as two other
Googlers, of violating Italian privacy law in a case that stemmed from a
user-generated video.</span><span style="background-color: white; font-family: inherit; line-height: 115%;"> </span></div>
<div class="MsoNormal">
<span style="background-color: white; font-family: inherit; line-height: 115%;"><br /></span></div>
<div class="MsoNormal">
<span style="background-color: white; line-height: 115%;"><span style="font-family: inherit;">A year ago, the lower Italian
Court of Appeals<span class="apple-converted-space"> </span><a href="http://www.nytimes.com/2012/12/22/business/global/italian-appeals-court-acquits-3-google-executives-in-privacy-case.html?_r=1&"><span style="color: #de7008;">overturned<span class="apple-converted-space"> </span></span></a>my
conviction (and 6-month-suspended jail sentence) by the trial court. I am pleased that well-reasoned<a href="http://peterfleischer.blogspot.de/2013/03/a-glorious-day-for-free-internet-in.html"><span class="apple-converted-space"><span style="color: #de7008;"> </span></span><span style="color: #de7008;">legal principles<span class="apple-converted-space"> </span></span></a>had
prevailed in the Court of Appeals. The
Supreme Court will issue its written opinion in due course.</span></span></div>
<div class="MsoNormal">
<span style="background-color: white; line-height: 115%;"><span style="font-family: inherit;"> <o:p></o:p></span></span></div>
<div class="MsoNormal">
<span style="background-color: white; line-height: 115%;"><span style="font-family: inherit;">In its appeal to the Supreme Court, the
Italian prosecutor asserted—in addition to arguing that employees like me can
be held criminally responsible for user-uploaded videos that we had no
knowledge of and nothing to do with—that platforms like YouTube should be
responsible for prescreening user-uploaded content and obtaining the consent of
people shown in user-uploaded videos. I, and the many others who have
voiced their support, viewed this as<span class="apple-converted-space"> </span><a href="http://peterfleischer.blogspot.de/2012/12/my-italian-appeal.html"><span style="color: #de7008;">a threat to freedom of expression on the Internet. </span></a><span class="apple-converted-space"> </span><o:p></o:p></span></span></div>
<div class="MsoNormal">
<span style="background-color: white; line-height: 115%;"><span style="font-family: inherit;"><span class="apple-converted-space"><br /></span></span></span></div>
<br />
<div class="MsoNormal">
<span style="background-color: white; line-height: 115%;"><span style="font-family: inherit;">I look forward to returning to
Italy to enjoy this glorious country. I
would like to thank my many colleagues at Google and in the legal and privacy
community for their support for my defense over the years. And although I have never met him, I hope
that the young man who was humiliated in the video that generated this case lives
with dignity and happiness. </span></span></div>
<br />
The Splinternet, from a pool in Istanbul (posted 2013-11-20)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-kHZzsCp94ck/UozvJ1D3A7I/AAAAAAAAAVA/JjtJzNkV3So/s1600/PICT0924.JPG" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="240" src="http://1.bp.blogspot.com/-kHZzsCp94ck/UozvJ1D3A7I/AAAAAAAAAVA/JjtJzNkV3So/s320/PICT0924.JPG" width="320" /></a></div>
<br />
<div style="color: #222222; font-family: arial; font-size: small;">
Look, I'm a swimmer, and here I'm swimming in the gorgeous pool in Istanbul at the Ciragan at sunset on the Bosphorus. Things are simple: there's me, and there's water. I'm hyper-aware of where each little piece of my body moves through the water. I spend endless hours learning how to slice through the water.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Online, there's me, and there's the cloud. I'm hyper-aware of each of my little blogs, or emails, or posts, spending endless hours living online. But I have no clue where all this data actually resides. It's like water, it's all around me, and yet I can't say where it is, or whether it's still or flowing. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
In the pool, and online, I don't really have much choice except to trust it. I trust the pool water to be clean and healthy. I trust the online cloud to be safe and reliable. Honestly, I don't have a clue about who keeps them that way. I just trust, or hope, that they are. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Of course, the cloud is cool. Whatever your question, you can find the answer in seconds. I have more knowledge than Faust, and I get to keep my soul too: with a little device and an Internet connection, I can access trillions of pages of human knowledge in seconds. It's so awesome and so ubiquitous that it already seems banal. Data is everywhere, accessible anywhere, anytime, all thanks to the global flow of data through the cloud. And this marvel of human ingenuity and sharing evolved before anyone could try to slice the cloud into little boxes that they could control and regulate, for purposes good and ill. <div>
<br /></div>
<div>
But I get why people are uncomfortable with all this. Where does all my precious, personal data actually go? Does anyone other than systems engineers even know? Do they even know? So, I can't blame governments for trying to rein this in, for trying to create clarity out of cloudiness, or at least to create little zones that they think they can control. Attempts are back: to balkanize the Web, to slice the cloud, to put data into boxes. Governments are using a fancy new name for it, "data sovereignty", although the rest of us are calling it the <a href="http://en.wikipedia.org/wiki/Splinternet" style="color: #1155cc;" target="_blank">Splinternet</a>. Data sovereignty has re-emerged as a big theme in global privacy debates, largely as a result of the recent spate of government surveillance revelations. </div>
<div>
<br /></div>
<div>
Let's take a moment to ask, though, what is the motive behind this Splinternet stuff. Governments often use the vocabulary of privacy to militate for more data sovereignty, but the truth is more complicated. Sometimes data sovereignty is about privacy, and sometimes it's not. </div>
<div>
<br /></div>
<div>
"Privacy" is about protecting personal data about an individual. "Data sovereignty" is about governments increasing their local control over the data of their citizens. </div>
<div>
<br /></div>
<div>
There are many different reasons why governments may want more data sovereignty:</div>
<div>
<br /></div>
<div>
Governments may want more data sovereignty to protect their citizens' personal data, or they may want it to monitor it more closely: e.g., many governments around the world, take Russia as just one example, want more data sovereignty to reduce the ability of a foreign (e.g., US) government to monitor their citizens' data, while at the same time to make it easier to monitor it themselves. </div>
<div>
<br /></div>
<div>
Sometimes data sovereignty is an economic, or protectionist, issue. Governments may want companies to invest and hire locally, e.g., by building and staffing local data centers. Or they may want to encourage their citizens to use the services of local companies. This has nothing to do with "privacy", but rather with pure local trade and investment goals. You see this sort of government trade protectionism rhetoric in France every day, to take one example. </div>
<div>
<br /></div>
<div>
Sometimes data sovereignty is an issue of government control in unrelated areas, like censorship. Countries that operate national firewalls, like China, want more data sovereignty to increase their ability to censor, monitor and control the contents of communications within their borders. </div>
<div>
<br /></div>
<div>
Sometimes data sovereignty is about applying local rules, customs and regulations. For example, Europe is debating a legally-mandated "right to be forgotten", and trying to define how/when a user should be able to delete personal data about themselves from the Internet, even when that personal data was legally published by a third-party, such as a newspaper. While the debate continues within Europe, it is clear that such a "right to be forgotten" could at best be implemented within the sub-set of the Internet that is subject to European jurisdiction, such as perhaps local domain addresses, or in other words, within a limited universe of data sovereignty. The same could be said for dozens of other local and regional-specific laws and regulations (like the Thai law making it a crime to insult their King). Absent data sovereignty, such local variations would be virtually impossible to implement on the global Internet, setting aside whether all this is for good or ill. </div>
<div>
<br /></div>
<div>
"Privacy" is often the vocabulary you'll see governments use to militate for more "data sovereignty." One of the tools used to try to achieve this data sovereignty is restrictions on international data transfers, once again, setting aside whether this is good or even possible. My point is simply that governments want many different things under the guise of "data sovereignty." Sometimes governments want more "privacy," and sometimes "privacy" is just a pretext for unrelated government goals. </div>
<div>
<br /></div>
<div>
When governments say they'll create their safe little Splinternets for their citizens, I know this does little more than put lane lines in a pool, keeping the swimmers in their lanes, while the water continues to flow everywhere, as it always has and always will, as every swimmer knows. </div>
</div>
To talk, or not to talk, that is the question (posted 2013-10-30)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I sat down at lunch with three of the biggest corporate guns in the field of privacy. We're all old friends, and more than a little battle-hardened, and over a cool bottle of Sancerre, we started a heated debate about the benefits of talking, or not talking, about privacy, in the public arena. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person A: We never talk about privacy. It's a loser. You can't say anything about it, without offending someone. Talking about privacy is like talking about religion or politics at a dinner party, frankly it's no-go. Let privacy advocates talk about privacy. As for us, the less said, the better. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person B: We talk about privacy in a pedagogical sense. We all know that it's important, and complicated, and we know that consumers need to be educated, to help them make their own decisions. Transparency is fundamental and ethical, and we're committed to being open about it.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person C: We talk about privacy, but only to attack our competitors. Our most successful marketing initiative this year was to copy the attack-ads that have been part of US politics for years. Of course it's cynical, and perhaps dishonest and hypocritical, but it works. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person A: It's a myth that you can build trust by talking about privacy. Actually, the opposite is true. It's sad, but that's the reality. If a college kid walks into a bar and tells everybody in the bar that he's never had any sexually-transmitted disease, do you think he's more likely to score than the guy with herpes who doesn't tell anybody about it? </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person B: You can talk about things that support privacy, like privacy controls, privacy settings, and strong security. Those things build trust, and they're objective, and people deserve to know about them.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Person C: You are so naive. If you're in a race, you want to win. Sure, you can try to be the fastest, strongest, smartest, but if you're not, you can still win by hiring some thug to break your competitors' kneecaps. And trust me, privacy is like a kneecap. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I sat back, and said nothing, and sipped my Sancerre, and unconsciously perhaps, crossed my legs and put my hands on my knees. </div>
<div>
<br /></div>
Tinker, Tailor, Soldier, Spy, They hacked my phone, I don't know why (posted 2013-10-29)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Why was it candy to hack the Handy of the world's most powerful woman? Did she park her Porsche in a public place without locking it? </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The press are outraged and the politicians are indignant that Merkel's phone has been hacked for years by the NSA. Obama did or didn't know about it. This diplomatic squabble makes for good headlines, but it's not the real lesson of this story.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Indeed, why was Merkel using an unsecured phone?! According to press reports of the Snowden revelations, she was using the sort of phone service that you or I could buy by popping into a shop in Berlin. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
If the NSA has been listening to Merkel's phone for years, and the German authorities only learned about it from the Snowden revelations, then one has to assume that other sophisticated national surveillance organizations, like the Chinese and the Russians, have been listening too. State surveillance secrets in China and Russia are less leaky than in the US, and I doubt we'll see a Chinese or Russian Snowden expose their practices to the world. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
So, the most powerful woman on the planet apparently needs help in recruiting a staff of competent computer and communications security experts who could help protect her and her role. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Any privacy lawyer who works in the field of security breaches always asks a basic question of the target of a breach/hack: were you using "adequate security"? Seriously, would you park your Porsche in a public place without locking it? </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
My Mom and Dad trust each other (posted 2013-10-25)<br />
<a href="http://1.bp.blogspot.com/-ccvnXsejRR8/UmowN2xLL6I/AAAAAAAAAUo/-c16LHty7l4/s1600/PICT0025.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="240" src="http://1.bp.blogspot.com/-ccvnXsejRR8/UmowN2xLL6I/AAAAAAAAAUo/-c16LHty7l4/s320/PICT0025.JPG" width="320" /></a><br />
<span style="color: #222222;"><span style="font-family: inherit;"><br /></span></span>
<span style="color: #222222;"><span style="font-family: inherit;">Imagine if your mom and dad didn't trust each other. Imagine if they spied on each other, and hired private investigators, and tapped each other's phone calls. They'd yell and fight, and the kids would be unhappy.</span></span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Then, into the house came a woman, saying she was from Brussels, and she could fix things. She said we needed fair rules to re-build trust. Everyone listened. </span><br />
<span style="font-family: inherit;"><br />She said we needed the following rules: the children should never be allowed out of the house, except to go to school, since no other place could be trusted. She said that the children should never use Twitter or Facebook, since they couldn't be trusted. She said that the children could only play games that had been pre-approved by their teachers or parents, since other games couldn't be trusted. She said the children needed discipline, and severe sanctions if they ever violated these rules. </span><br />
<span style="font-family: inherit;"><br />She said that the only way to re-build trust between the parents, and to stop their spying on each other, was to impose these stern rules on the children. </span><br />
<span style="font-family: inherit;"><br />Everyone sat quietly for a moment. Then I said: "isn't it unfair to punish kids for our parents fighting with each other?" She said: "be quiet, child, I'm sick of your lobbying." </span><br />
<span style="font-family: inherit;"><br />After a few more moments of silence, the parents both said: "look, we're adults. This is our problem. We need to work it out between ourselves. Our children have nothing to do with this. Get out of our house, now!"</span><br />
<span style="font-family: inherit;"><br />As she walked towards the door, the woman from Brussels turned to us children and said: "You wicked little things. Unless you are subject to strict supervision, your parents will never trust each other again, and it's all your fault!"</span><br />
<span style="font-family: inherit;"><br />Editor's note: if you don't get the point of my little story, please read this <a href="http://www.huffingtonpost.com/jenshenrik-jeppesen/pushing-for-global-human-_b_4080393.html" style="color: #1155cc;">expert commentary</a> by Mr Jeppesen:<br /><span style="color: black; line-height: 21px;">"...the E.U. Data Protection Regulation (DPR) was first proposed in 2012. Unfortunately, government surveillance issues cannot be solved by this legislation....</span></span><span style="font-family: inherit; line-height: 21px;">it would not regulate E.U. Member States' national security intelligence programs, nor would it address the surveillance programs of the United States. The European Parliament and the European Commission simply do not have the authority to address national security matters... The only path forward for true reform around global surveillance practices is a much harder slog. It will require a joint European-U.S. effort to find agreement on proper legal standards and safeguards."</span><br />
<br />
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
Jeff Koons' Private Parts (posted 2013-10-24)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I was invited to a fancy charity dinner in Paris, and was treated to a delicious feast of suave irony. It's not every day that I sip Dom Perignon with Jeff Koons and Laurent Fabius, paid for by a tax-exempt charity. The conversation went something like this:</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Jeff: I love France, I love Versailles. They just did a show of my work. For centuries, people with wealth and power have bought the world's best art to show the world their excellent taste.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Laurent: We're so happy to invite our American friends to France. I come from a long family tradition of art dealers. In France, we support culture. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
</div>
<div style="color: #222222; font-family: arial; font-size: small;">
Silly rich person at our table: Jeff, which artist had the most influence on you?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Jeff: My favorite artist has always been Monet, or Manet, I mean Monet. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Me: I start howling with laughter. I am kicked in the shin by my partner. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Silly rich person at our table: I adore la France. My entire house in Dallas is decorated in French style. And Peter, what do you do, she asks, feigning interest.</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Me: I work in privacy, and I'm bemused by Jeff's soft-porn art and the idea of an artist exposing his erection as a statement about what's private and what's public. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Laurent: Apologies, dear American friends, I must leave you now to speak with Assad. So vulgar, but his wife is charming. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Jeff: Apologies, too, I have to catch a flight with Francois to Venice tomorrow, he says, with an ah-shucks tone and a million-dollar smile that had all of us swoon. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Silly rich person at our table: I just loved them both! So down-to-earth! But, Peter, I think your comment about his nude art made him uncomfortable. Did he really show his private parts in his art? I'd like to see that. </div>
<div>
<br /></div>
Two farmers and a donkey (posted 2013-10-22)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
Two farmers owned fields that lay side by side. They didn't like each other, and they never had. But fate had put their fields next to each other. Farming is a tough life, and neither made much money. So, the two farmers agreed, with heavy hearts, to buy a donkey jointly, and to share it to till their fields. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
For a while it worked, but as the spring wore on, and the days started getting hotter, each farmer wanted to till his fields in the early morning, when it was cooler. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The donkey stood in the middle, on the line between the two fields, while each farmer tugged as hard as he could, trying to pull the donkey in his direction. The donkey didn't move. He couldn't. He was being pulled in two opposite directions, by farmers of equal strength. After several minutes of excruciating pain, the ropes around the donkey's neck, being pulled in opposite directions, choked the donkey, and he fell to the ground with a dull thud. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The farmers glared at each other for a few minutes. Then they grinned, shook hands, and agreed that it was a damn dumb donkey not to follow their commands. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Oh, and except for the damn dumb donkey, everyone grinned and applauded <a href="http://www.nytimes.com/2013/10/22/business/international/eu-panel-backs-plan-to-shield-online-data.html" style="color: #1155cc;">this</a>. </div>
Dear Diary (posted 2013-10-20)
<div class="separator" style="clear: both; text-align: center;">
<a href="http://2.bp.blogspot.com/-evJQHbuxf-I/UmOvJmNy01I/AAAAAAAAAUY/H1HjRv8OS2o/s1600/Spain+May+June+11+100.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="180" src="http://2.bp.blogspot.com/-evJQHbuxf-I/UmOvJmNy01I/AAAAAAAAAUY/H1HjRv8OS2o/s320/Spain+May+June+11+100.jpg" width="320" /></a></div>
<br />
<div style="color: #222222; font-family: arial; font-size: small;">
Dear Diary,</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
You're the only one I can talk to. You're the only place where I can share my secret fears. I feel safe, because I know that no one else will ever read what I write here. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Even now, after all these years, I don't feel safe as a gay man. I know there are a lot of people who hate me for that. I feel sick to my stomach when I read how another young gay man was murdered: <span style="color: #333333; font-family: Arial, Helmet, Freesans, sans-serif; font-size: 14px; line-height: 18px;"><a href="http://www.bbc.co.uk/news/world-latin-america-24576532" style="color: #1155cc;">They broke Mr Zamudio's leg with a heavy stone, beat him up with bottles and carved swastikas into his body with broken glass before walking away.</a></span></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I am very proud to spend my working life in the field of privacy. I believe that it's the foundation of human dignity, and I hope that I can contribute something to it. But in a dark mood, I realize that I can no more hold up the tides of technology than an oyster can stop the tides. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I know that secret algorithms roam the Internet, analyzing, recording, and data-mining every piece of data that they find, billion by billion. But I assume they won't read this blog, because it's just my blog and it's not very important, except to me. And even if they do read this blog, I assume it's just to show me an ad, which isn't a big deal. I mean, they wouldn't create a psychographic profile of me, would they, to use to decide whether or not to hire or fire me? I mean, I'm not a public figure, like a politician, so why would they create a profile of me?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I had a funny dream yesterday, that I went to dental school to start a new career. In my dream, I realized that no one would ever thank you for your work in privacy, because it was always a losing fight, so I thought I'd look for a career where you could help people. Well, that's something I could only tell you, dear diary, since I wouldn't want anyone else to know that I'm nagged by doubts. This facade is getting exhausting, like pretending to be straight when you're not. I'm willing to fight the good fight, but I know that I'll lose, in the end. Well, dear diary, at least I can confide in you, and I feel better already, since I know you'll keep my secrets. </div>
Lovely, lovely, let's not change a thing (posted 2013-10-18)<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-rQIrq-XNekA/UmEwHPV_OYI/AAAAAAAAAUI/tME_FaAjWV4/s1600/PICT3543.JPG" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="320" src="http://4.bp.blogspot.com/-rQIrq-XNekA/UmEwHPV_OYI/AAAAAAAAAUI/tME_FaAjWV4/s320/PICT3543.JPG" width="240" /></a></div>
<br />
<div style="color: #222222; font-family: arial; font-size: small;">
While I was on St Bart's, a lovely French island where plutocrats play, I had a chance to chat with the image-savvy CEO of a major tech company based in California (not Google). We were talking about privacy in Europe, and she said: "yeah, I know, Europeans think different, Nazis and stuff". Then she realized I was not an important person, and turned away to talk to someone else. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Indeed, stuff... She's right, of course, on a basic level, that privacy expectations reflect each country's culture, history and ideology. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
But the Nazis and stuff don't quite explain Europe. Take France, and its "stuff". I love France. I love the country, the people, the culture, the language. I do not love its government. I think France is poorly governed by an entrenched "political class" and run by an army of grumpy functionaries and enslaved to a socialist ideology stuck in a 1970's rut. And lots of people think that it will be run by the far-right Front National in a few years, as mainstream voters get sick of their "mainstream" parties and Socialist taxocrats. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
France is a deeply conservative society, in the sense that it does not like change. This country is deeply uncomfortable with globalization, and even with capitalism, based on a widespread pessimism that France's best days are behind it. Innovation is not popular in a country that thinks it's more likely to lose from the change that innovation brings. The innovation that is popular in France is inventing new taxes (innovating a new global financial transactions tax? innovating a new "data" tax? innovating the highest marginal income taxes in the world?). </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Paris was once more welcoming to foreign businesses. The <a href="http://www.economist.com/news/leaders/21566640-why-france-could-become-biggest-danger-europes-single-currency-time-bomb-heart" style="color: #1155cc;" target="_blank">Economist's article</a> recently struck a lucid and painful blow to French self-esteem: The article pointed out that Paris was Morgan Stanley's first international office, a decade before London! Can you remember the 1970's and 1980's, when American technology giants like IBM and Microsoft chose Paris as their European headquarters? The entire new generation of American tech companies have chosen London or Dublin or Luxembourg or Zurich for their European headquarters. I can't think of a single American company that has chosen Paris for its European headquarters in the last two decades. Understandably, this is all hard for Paris to swallow. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
</div>
<div style="color: #222222; font-family: arial; font-size: small;">
Against this background, it's easier to understand why the French government is campaigning to weaken the European Commission's proposal to institute a <a href="http://privacylawblog.ffw.com/2012/getting-the-one-stop-shop-principle-to-work" style="color: #1155cc;" target="_blank">one-stop shop in Europe</a>. Most US companies would find their lead regulators in Dublin or London or Luxembourg. As far as I know, not a single foreign company would have its "main establishment" in Paris. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Looking at the increasingly barren business landscape in Paris, I'm reminded of Voltaire's advice: "Il faut cultiver notre jardin". I'm often amazed that anything grows here at all, like a pretty flower in the dry, hostile desert. </div>
From Warsaw to Mauritius (posted 2013-10-08)
<div>
<br /></div>
<div>
I'm just back from a privacy commissioners' conference in Warsaw. I detected a theme of privacy-war-weariness there. It's tiring, spending your days navigating the constant conflicts of privacy and protectionism, privacy and politics, privacy and Prism. </div>
<div>
<br /><div>
I'm sympathetic to people who are tired of sitting in drab conference centers from Brussels to Belgrade, half-listening to tedious talks and self-righteous rants and anti-American tirades. </div>
<div>
<br /></div>
<div>
How can I blame civil servants for voting to hold their next annual global conference on the Indian Ocean resort island of Mauritius? Ok, I admit, at first I thought it was a joke, but then I was told it wasn't. </div>
<div>
<br /></div>
<div>
This could be fun: in sunny Mauritius, you'll see your global privacy colleagues in an entirely new light, discussing Binding Corporate Rules on the beach, or monitoring international data flows in the Indian Ocean. Ever heard a speech about transparency from someone in a Speedo? Or engaged in a little surreptitious surveillance by snorkeling? </div>
<div>
<br /></div>
<div>
At the last conference in Warsaw, I can't remember much, and I always tune out the anti-American rants, but someone said personal data on social platforms was like "urine in a swimming pool", which made me sit up and listen, since I'm a swimmer, and ponder the analogy, and at my pool, we drain the water twice a year, which is sort of like a Right to be Forgotten, or at least it gets rid of the urine eventually, unlike the Web. Then someone started another anti-American rant about why can't Americans be enlightened enough to create euro-bureaucracies like us to "accompany innovation", so I sighed and zoned out again and watched swimming videos on YouTube. </div>
<div>
<br /></div>
<div>
Indeed, it's been a tough year in privacy-land, tempers are frayed, and we all deserve a break (well, except the taxpayers). As the International Association of Privacy Professionals <a href="https://www.privacyassociation.org/publications/data_protection_and_privacy_commissioners_release_resolutions_on_tracking_p" style="color: #1155cc;" target="_blank">reported</a>: </div>
<div>
<br /></div>
<div>
<span style="background-color: #e9e5d2; color: #404040; font-family: Verdana, Arial, sans-serif; font-size: 12px; line-height: 18px;">To celebrate, Mauritius will play host to next year’s International Conference of Data Protection and Privacy Commissioners on September 22, 2014.</span></div>
<div>
<br clear="all" style="background-color: white; color: #222222; font-family: arial; font-size: small;" /></div>
</div>
Saying Nyet to the Russian Homophobolympics (posted 2013-08-23)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-IEA2o3knFbo/UheFVVMnCrI/AAAAAAAAAT0/xjIZrANe1kk/s1600/Zermatt+ski+Mar+12+015.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="240" src="http://4.bp.blogspot.com/-IEA2o3knFbo/UheFVVMnCrI/AAAAAAAAAT0/xjIZrANe1kk/s320/Zermatt+ski+Mar+12+015.jpg" width="320" /></a></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
As a gay athlete, and oh yes, also a privacy professional, I've decided not to set foot in Russia, as a personal protest against Russia's offensive <a href="http://www.theguardian.com/commentisfree/2013/aug/23/wentworth-miller-olympics-russia-antigay-law" style="color: #1155cc;">homophobic laws</a>. My swim team friends and I agreed that Putin is demeaning the Olympics and turning them into his Homophobolympics. We know something about athletic discipline: we swim a lot and hard. We've all trained with real Olympians, and we're in awe of them. So, how should we react when political thugs attack the core values of the Olympics? </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
When some politicians in Russia recently started <a href="http://blogs.wsj.com/emergingeurope/2013/07/25/russia-probes-google-facebook-twitter-are-next/" style="color: #1155cc;" target="_blank">"investigating"</a> American tech companies, I was invited to go to Moscow to meet with them. But in the case of Russia, in light of its recent <a href="http://www.nytimes.com/2013/08/12/world/europe/gays-in-russia-find-no-haven-despite-support-from-the-west.html?pagewanted=all" style="color: #1155cc;" target="_blank">Anti-Gay Propaganda law</a>, I declined. I decided not to set foot in Russia, as an act of personal conscience. Many other people whom I respect are making similar decisions <a href="http://www.theguardian.com/commentisfree/2013/aug/23/wentworth-miller-olympics-russia-antigay-law" style="color: #1155cc;">not to set foot in Russia. </a></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Russia joins a rogues' gallery of countries with <a href="http://en.wikipedia.org/wiki/Homophobia">state-sponsored homophobia</a>, but unlike the others, Russia is soon to host the Winter Olympics. Ever since Hitler hosted the <a href="http://en.wikipedia.org/wiki/1936_Summer_Olympics" style="color: #1155cc;">Berlin Olympics in 1936</a>, we know how miscreants in power want to use the Olympic global stage to win international attention and acclaim. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I have deep respect for athletes. We should do nothing to hurt athletes in Sochi. But let's also use the Sochi Games to shine a spotlight on Putin's regime. Putin wants the spotlight, let him have it. Let's shine a spotlight on government corruption in constructing the $50 billion Olympics facilities. Let's shine a spotlight on Putin's crackdown on human rights, on democracy, on the judicial system in Russia. Let's shine a spotlight on Putin's coterie of friendly rogue-regimes, like Syria's Assad. Let's shine a spotlight on the personal wealth accumulated by friends of the regime. Let's use social media to disseminate evidence of the vicious homophobia that Putin is inciting. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Each of us must make a choice. I'm not setting foot in Russia. Despite its lofty self-congratulatory rhetoric, the IOC is taking the <a href="http://www.nytimes.com/2013/08/13/opinion/the-olympics-leadership-mess.html?ref=global-home" style="color: #1155cc;" target="_blank">amoral</a> path. But many people will go to Sochi, and I have a wish for athletes and spectators alike: wave a <a href="http://en.wikipedia.org/wiki/Rainbow_flag_(LGBT_movement)" style="color: #1155cc;" target="_blank">rainbow flag </a>as you march at the Opening Ceremony, or wear a rainbow scarf or pin. Some politicians around the world are already showing <a href="http://www.rferl.org/content/russia-sister-cities-gay-law/25051513.html" style="color: #1155cc;" target="_blank">ethical leadership</a>, and I hope the clutch of global politicians attending the G20 in St Petersburg soon will too. Imagine if we had all had the courage in 1936, Jews and non-Jews alike, to march at the Opening Ceremony in Berlin wearing Yellow Stars. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Say Nyet to the Homophobolympics.</div>
How to feign outrage over PRISM (published 2013-08-02)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Around the world, politicians are under pressure to express their outrage over US government surveillance. It's August, and your PR teams may be on holiday, so here are some hints on how to get a good headline:</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
1) <b>Focus your outrage on the American</b> <b>government.</b> Distract everyone from the fact that your own government does it too. e.g., Europe has the most privacy-invasive government surveillance regime in the world, based on the mandatory data retention of the communications logs (aka, metadata) on every single electronic communication for periods ranging from 6 to 24 months. The US does not have such a data retention regime, because it was deemed too privacy-invasive by the US Congress. But don't talk about that. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
2) <b> Focus your outrage on foreign private</b> <b>companies</b> (e.g., Twitter or whatever). Companies of course are not in control of government surveillance, but just the tools. In any case, only talk about foreign companies, and never suggest that your own domestic companies are subject to similar (or much greater) surveillance. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
3) <b>Feel free to make up the facts</b>. Since much government surveillance is by its very nature secret, you can say pretty much anything without risk of being contradicted by the facts. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
4) <b>Propose credible-sounding but irrelevant solutions.</b> Like suggesting that the way to rein in US government surveillance is to abrogate the US-EU Safe Harbor Framework, which governs data transfers in the private sector, even though you know of course that the location of data is irrelevant to the US government's power to order access to it. Location of data sounds relevant, and only a few lawyers know otherwise. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
5) <b>Use it as leverage for an unrelated political goal.</b> Politics is all about deal-making, and trade-offs. So, use this PRISM scandal to exert pressure for whatever else you want: trade deals, global warming treaties, anything is fair game. In fact, you can even use this as a good excuse to increase your own government surveillance powers: "we want to be able to do what the Americans are doing." </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
6) <b>Get your headlines now.</b> You know that all this will blow over. Snowden will melt away like a snowman in spring. Nothing much will change in the realm of government surveillance. Perhaps there will be a few cosmetic changes, like reforming the FISA Court. You also know that the next big terrorist attack will completely change the political winds. It's August, so go sailing, and be ready to tack when the winds shift. </div>
Russia ratifies Privacy Rights...but not for Gays (published 2013-07-29)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Modern privacy law was invented over a century ago in the United States, was re-discovered in post-war Europe, and is now spreading around the world. Privacy laws have historically been built on three foundations: 1) democracy, 2) rule of law, and 3) respect for fundamental human rights. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
So, what should we make of the fact that a rogue's gallery of autocratic countries, with neither rule of law, nor respect for fundamental human rights, are starting to pass privacy laws?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Take the example of Russia. Last month, at the same time that Putin's regime ratified an international framework of privacy law, known as <a href="http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm" style="color: #1155cc;">Convention of Europe 108</a>, it also launched its <a href="http://www.foxnews.com/world/2013/06/30/russia-putin-signs-gay-propaganda-ban-into-law/" style="color: #1155cc;">war on gays. </a> </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Why would Putin's regime ratify a privacy law, while subverting democracy, subverting the rule of law, and inciting vicious homophobia as official policy? Is it just to distract an ignorant electorate from the Kremlin's kleptocracy? How exactly is the <a href="http://www.themoscowtimes.com/news/article/sochi-olympians-guests-exempt-from-gay-propaganda-law-ioc-says/483703.html" style="color: #1155cc;">International Olympic Committee</a> going to deal with Sochi? Should Russia or Russian products be <a href="http://www.sfgate.com/news/article/Gay-bars-boycott-Russian-vodka-over-anti-gay-laws-4689923.php" style="color: #1155cc;">boycotted</a> by people of conscience? I don't want to see the world's athletes held hostage to this, but nor do I want to see them march under the salute of Putin, recollecting those tragic Games in Berlin. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
What, I wonder, does a privacy law mean in this context? And if you think all this is just Russian thugocratic posturing, imagine if your gay teenage son were Russian. I dare you to <a href="http://www.advocate.com/news/world-news/2013/07/26/russian-neo-nazis-torture-gay-teens-anti-pedophilia-campaign" style="color: #1155cc;">click. </a> I doubt this tortured teen will find redress under Russia's ratification of privacy laws, do you?</div>
<div>
<br /></div>
We need global privacy standards...now more than ever (published 2013-07-15)
<div style="color: #222222; font-family: arial; font-size: small;">
As a reaction to the recent spate of government surveillance revelations, this week the Chancellor of Germany and others have issued <a href="http://www.spiegel.de/politik/deutschland/nsa-affaere-merkel-will-internationales-datenschutzabkommen-a-911094.html">calls for an international data protection treaty</a>. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Back in 2007, I gave a speech to <a href="http://portal.unesco.org/ci/en/files/25452/11909026951Fleischer-Peter.pdf/Fleischer-Peter.pdf">UNESCO</a> calling for...<a href="http://peterfleischer.blogspot.fr/2007/09/need-for-global-privacy-standards.html" style="color: #1155cc;">global privacy standards</a>. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
My speech was broadly covered by the press: <a href="http://www.guardian.co.uk/technology/2007/sep/14/news.google">Google urges UN to set global internet privacy rules.</a></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
On re-reading it, I'm struck by how little has changed since 2007, both in terms of the need for global privacy standards, and how little progress has been made to achieve them. After two years of acrimonious debate, we can't even agree on a draft privacy law for Europe, much less a treaty for the world. Nonetheless, I'm firmly in the camp of people who believe that privacy can only be protected in a global context, and that global privacy standards are part of that fabric. I'm taking the liberty of re-posting it below. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
<h2 class="date-header" style="background-color: #f6f6f6; color: #777777; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 14px; margin: 10px 0px 0px;">
Friday, September 14, 2007</h2>
<div class="date-posts" style="background-color: #f6f6f6; color: black; font-family: 'Trebuchet MS', Trebuchet, Verdana, sans-serif; font-size: 13px;">
<div class="post-outer">
<div class="post hentry uncustomized-post-template" itemprop="blogPost" itemscope="itemscope" itemtype="http://schema.org/BlogPosting" style="margin: 0px 0px 30px;">
<a href="" name="7463158638602853242" style="color: #de7008;"></a><h3 class="post-title entry-title" itemprop="name" style="color: #9e5205; font-family: Verdana, sans-serif; font-size: 21px; letter-spacing: -1px; margin: 0px;">
The Need for Global Privacy Standards</h3>
<div class="post-header">
<div class="post-header-line-1">
</div>
</div>
<div class="post-body entry-content" id="post-body-7463158638602853242" itemprop="description articleBody">
<strong>Introduction</strong><br /><strong></strong><br />How should we update privacy concepts for the Information Age? The total amount of data in the world is exploding, and data flows around the globe with the click of a mouse. Every time you use a credit card, or every time you use an online service, your data is zipping around the planet. Let’s say you live in France and you use a US company’s online service. The US company may serve you from any one of its numerous data centers, from the “cloud” as we say in technology circles, in other words, from infrastructure which could be in Belgium or Ireland – and which could change based on momentary traffic flows. The company may store offline disaster recovery tapes in yet another location (without disclosing the location, for security purposes). And the company may engage customer service reps in yet another country, say India. So, your data may move across 6 or 7 countries, even for very routine transactions.<br />As a consumer, how do you know that your data is protected, wherever it is located? As a business, how do you know which standards of data protection to apply? As governments, how do you ensure that your consumers and your businesses can participate fully in the global digital economy, while ensuring their privacy is protected?<br /><br />The story illustrates the argument I want to make today. It is that businesses, governments but most of all citizens and consumers would all benefit if we could devise and implement global privacy standards. In an age when billions of people are used to connecting with data around the world at the speed of light, we need to ensure that there are minimum privacy protections around the world. We can do better, when the majority of the world’s countries offer virtually no privacy standards to their citizens or to their businesses. And the minority of the world’s countries that have privacy regimes follow divergent models. 
Today, citizens lose out because they are unsure about what rights they have given the patchwork of competing regimes, and the cost of compliance for businesses risks chilling economic activity. Governments often struggle to find any clear internationally recognised standards on which to build their privacy legislation.<br /><br />Of course there are good reasons for some country-specific privacy legislation. The benefits of homogeneity must be balanced by the rights of legitimate authorities to determine laws within their jurisdictions. We don’t expect the same tax rules in every country, say some critics, so why should we expect the same privacy rules? But in many areas affecting international trade, from copyright to aviation regulations to world health issues, huge benefits have been achieved by the setting of globally respected standards. In today’s inter-connected world, no one country and no one national law by itself can address the global issues of copyright or airplane safety or influenza pandemics. It is time that the most globalised and transportable commodity in the world today, data, was given similar treatment.<br /><br />So today I would like to set out why I think international privacy rules are necessary, and to discuss ideas about how we create universally respected rules. I don’t claim to have all the answers to these big questions, but I hope we can contribute to the debate and the awareness of the need to make progress.<br /><br /><strong>Drivers behind the original privacy standards</strong><br /><strong></strong><br />But first a bit of history. Modern privacy law is a response to historical and technological developments of the second-half of the 20th century. The ability to collect, store and disseminate vast amounts of information about individuals through the use of computers was clearly chilling against the collective memories of the dreadful mass-misuse of information about people that Europe had experienced during WWII. 
Not surprisingly, therefore, the first data privacy initiatives arose in Europe, and they were primarily aimed at imposing obligations that would protect individuals from unjustified intrusions by the state or large corporations, as reflected in the 1950 European <a href="http://conventions.coe.int/Treaty/en/Treaties/Html/005.htm" style="color: #de7008;">Convention</a> for the Protection of Rights and Fundamental Freedoms.<br /><br /><strong>Early international instruments</strong><br /><br />After a decade of uncoordinated legislative activity across Europe, the <a href="http://www.oecd.org/home/0,2987,en_2649_201185_1_1_1_1_1,00.html" style="color: #de7008;">Organisation for Economic Co-operation and Development</a> identified a danger: that disparities in national legislations could hamper the free flow of personal data across frontiers. In order to avoid unjustified obstacles to transborder data flows, in 1980 the OECD adopted its <a href="http://www.oecd.org/document/18/0,2340,en_2649_34255_1815186_1_1_1_1,00.html" style="color: #de7008;">Guidelines</a> on the Protection of Privacy and Transborder Flows of Personal Data. It’s worth underscoring that concerns about international data flows were already being addressed in a multinational context as early as 1980, with the awareness that a purely national approach to privacy regulation simply wasn’t keeping abreast of technological and business realities.<br /><br />These OECD Guidelines became particularly influential for the development of data privacy laws in non-European jurisdictions. The Guidelines represent the first codification of the so-called ‘fair information principles’. 
These eight principles were meant to be taken into account by OECD member countries when passing domestic legislation and include: 1) collection limitation, 2) data quality, 3) purpose specification, 4) use limitation, 5) security safeguards, 6) openness, 7) individual participation, and 8) accountability.<br /><br />A parallel development in the same area but with a slightly different primary aim was the Council of Europe <a href="http://conventions.coe.int/Treaty/en/Treaties/Html/108.htm" style="color: #de7008;">Convention</a> on the Automated Processing of Personal Data adopted in 1981. The Convention’s purpose was to secure individuals’ right to privacy with regard to the automatic processing of personal data and was directly inspired by the original European Convention on human rights. The Council of Europe instrument sets out a number of basic principles for data protection, which are similar to the ‘fair information principles’ of the OECD Guidelines. In addition, the Convention establishes special categories of data, provides additional safeguards for individuals and requires countries to establish sanctions and remedies.<br />The different origins and aims of both instruments result in rather different approaches to data privacy regulation. For example, whilst the Convention relies heavily on the establishment of a supervisory authority with responsibility for enforcement, the OECD Guidelines rely on court-driven enforcement mechanisms. These disparities have been reflected in the laws of the countries within the sphere of influence of each model. So, for example, in Europe, privacy abuses are regulated by independent, single-purpose bureaucracies, while in the US, privacy abuses can be regulated by many different government and private bodies (e.g., the Federal Trade Commission at the Federal level, Attorneys General at the State levels, and private litigants everywhere). 
It’s impossible to say which model is more effective, since each reflects the unique regulatory and legal cultures of their respective traditions. Globally, we need to focus on advocating privacy standards to countries around the world. But we should defer to each country to decide on its own regulatory models, given its own traditions.<br /><br /><strong>Current situation</strong><br /><strong></strong><br />Today, a quarter century later, some countries are inspired by the OECD Guidelines, others follow the European approach, and some newer ones incorporate hybrid approaches by cherry-picking elements from existing frameworks, while the significant majority still has no privacy regimes at all.<br /><br />After half a decade of negotiations, in 1995, the EU adopted the Data Protection <a href="http://eur-lex.europa.eu/smartapi/cgi/sga_doc?smartapi!celexapi!prod!CELEXnumdoc&lg=EN&numdoc=31995L0046&model=guichett" style="color: #de7008;">Directive</a> 95/46/EC. The EU Directive has a two-fold aim: to protect the right to privacy of individuals, and to facilitate the free flow of personal data between EU Member States. Despite its harmonisation purpose, according to a recent EU Commission <a href="http://ec.europa.eu/justice_home/fsj/privacy/docs/lawreport/com_2007_87_f_en.pdf" style="color: #de7008;">Communication</a>, the Directive has not been properly implemented in some countries yet. This shows the inherent difficulty in trying to roll out a detailed and strict set of principles, obligations and rights across jurisdictions. 
However, the Commission has also made it clear that at this stage, it does not envisage submitting any legislative proposals to amend the Directive.<br /><br />In terms of core European standards, the best description of what the EU privacy authorities would regard as “adequate data protection” can be found in the Article 29 Working Party’s document <a href="http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/1998/wp12_en.pdf" style="color: #de7008;">WP 12</a>. This document is a useful and detailed point of reference to the essence of European data privacy rules, comprising both content principles and procedural requirements. In comparison with other international approaches, EU data privacy laws appear restrictive and cumbersome, particularly as a result of the stringent prohibition on transfers of data to <a href="http://ec.europa.eu/justice_home/fsj/privacy/thridcountries/index_en.htm" style="color: #de7008;">most countries</a> outside the European Union. The EU’s formalistic criteria for determining “adequacy” have been widely criticized: why should Argentina be “adequate”, but not Japan? As a European citizen, why can companies transfer your data (even without your consent) to Argentina and Bulgaria and other “adequate” countries, but not to the vast majority of the countries of the world, like the US and Japan? In short, if we want to achieve global privacy standards, the European Commission will have to learn to demonstrate more respect for other countries’ approach to privacy regimes.<br /><br />But at least in Europe there is some degree of harmonisation. In contrast, the USA has so far avoided the adoption of an all-encompassing Federal privacy regime. Unlike in Europe, the USA has traditionally made a distinction between the need for privacy-related legislation in respect of the public and the private sectors. Specific laws have been passed to ensure that government and administrative bodies undertake certain obligations in this field. 
With regard to the use of personal information by private undertakings, the preferred practice has been to work on the basis of sector-specific laws at a Federal level whilst allowing individual states to develop their own legislative approaches. This has led to a flurry of state laws dealing with a whole range of privacy issues, from spam to pretexting. There are now something like 37 different USA State laws requiring security breach notifications to consumers, a patchwork that is hardly ideal for either American consumer confidence or American business compliance.<br /><br />The complex patchwork of privacy laws in the US has led many people to call for a simplified, uniform and flexible legal framework, and in particular for comprehensive harmonised Federal privacy legislation. To kick start a serious debate on this front, a number of leading US corporations set up in 2006 the Consumer Privacy Legislative <a href="http://www.cdt.org/privacy/20060620cplstatement.pdf" style="color: #de7008;">Forum</a>, of which Google forms part. It aims to make the case for harmonised legislation. We believe that the same arguments for global privacy standards should also apply to US Federal privacy standards: improve consumer protections and confidence by applying a consistent minimum standard, and ease the burdens on businesses trying to comply with multiple (sometimes conflicting) standards.<br />A third and increasingly influential approach to privacy legislation has been developing in Canada, particularly since the federal Personal Information Protection and Electronic Documents Act (“<a href="http://www.privcom.gc.ca/legislation/02_06_01_e.asp" style="color: #de7008;">PIPEDA</a>”) was adopted in 2000. The Canadian PIPEDA aims to have the flexibility of the OECD Guidelines – on which it is based – whilst providing the rigour of the European approach. 
In Canada, as in the USA, the law establishes different regimes for the public and private sectors, which allows for a greater focus on each. As has also been happening in the USA in recent years with state laws, provincial laws have recently taken a leading role in developing the Canadian model. Despite the fact that PIPEDA creates a privacy framework that requires the provincial laws to be "substantially similar" to the federal statute, a Parliamentary Committee carrying out a formal review of the existing framework earlier this year, recommended reforms for PIPEDA to be modelled on provincial laws. Overall, Canada should be praised for encouraging the development of progressive legislation which serves the interests of both citizens and businesses well.<br /><br />Perhaps the best example of a modern approach to the OECD privacy principles is to be found in the APEC Privacy <a href="http://www.apec.org/apec/news___media/2004_media_releases/201104_apecminsendorseprivacyfrmwk.html" style="color: #de7008;">Framework</a>, which has emerged from the work of the 21 countries of the Asia-Pacific Economic Cooperation forum. The Framework focuses its attention on ensuring practical and consistent privacy protection across a very wide range of economic and political perspectives that include global powerhouses such as the US and China, plus some key players in the privacy world (some old, some new), such as Australia, New Zealand, Korea, Hong Kong and Japan. In addition to being a sort of modern version of the old OECD Guidelines, the Framework suggests that privacy legislation should be primarily aimed at preventing harm to individuals from the wrongful collection and misuse of their information. 
The proposed framework points out that under the new “preventing harm” principle, any remedial measures should be proportionate to the likelihood and severity of the harm.<br /><br />Unfortunately, the co-existence of such diverse international approaches to privacy protection has three very damaging consequences: uncertainty for international organisations, unrealistic limits on data flows in conflict with global electronic communications, and ultimately loss of effective privacy protection.<br /><br /><strong>New (interconnected) drivers for global privacy standards</strong><br /><strong></strong><br />Against this background, we are witnessing a series of new phenomena that evidence the need for global privacy standards much more compellingly than in the 70s, 80s or 90s. The development of communications and technology in the past decade has had a marked economic impact and accelerated what is commonly known as ‘globalisation’. Doing business internationally, exchanging information across borders and providing global services has become the norm in an unprecedented way. This means that many organisations and those within them operate across multiple jurisdictions. The Internet has made this phenomenon real for everyone.<br /><br />A welcome concomitant of the unprecedented technological power to collect and share all this personal information on a global basis is the increasing recognition of privacy rights. The concept of privacy and data protection regimes has moved from one discussed by experts at learned conferences to an issue that is discussed and debated by ordinary people who are increasingly used to the trade offs between privacy and utility in their daily lives. As citizens’ interest in the issue has grown, so, of course has politicians’ interest. 
The adoption of new and more sophisticated data privacy laws across the world and the radical legal changes affecting more traditional areas of law show that both law makers and the courts perceive the need to strengthen the right to privacy. Events which have highlighted the risks attached to the loss or misuse of personal information have led to a continuous demand for greater data security which often translates into more local laws, such as those requiring the <a href="http://www.consumersunion.org/campaigns/Breach_laws_May05.pdf" style="color: #de7008;">reporting of security breaches</a>, and <a href="http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2006/wp126_en.pdf" style="color: #de7008;">greater scrutiny</a>.<br /><br /><strong>Routes to the development of global privacy standards</strong><br /><strong></strong><br />The net result is that we have a fragmentation of competing local regimes, at the same time as we have the massively increased ability for data to travel globally. Data on the Internet flows around the globe at nearly the speed of light. To be effective, privacy laws need to go global. But for those laws to be observed and effective, a realistic set of standards must emerge. It is absolutely imperative that these standards are aligned to today’s commercial realities and political needs, but they must also reflect technological realities. Such standards must be strong and credible but above all, they must be clear and they must be workable.<br /><br />At the moment, there are a number of initiatives that could become the guiding force. As the most recent manifestation of the original OECD privacy principles, one possible route would be to follow the lead of the APEC Privacy Framework and extend its ambit of influence beyond the Asia-Pacific region. One good reason for adopting this route is that it already balances very carefully information privacy with business needs and commercial interests. 
At the same time, it also accords due recognition to cultural and other diversities that exist within its member economies.<br /><br />One distinctive example of an attempt to rally the UN and the world’s leaders behind the adoption of legal instruments of data protection and privacy according to basic principles is the Montreux <a href="http://www.edoeb.admin.ch/dokumentation/00444/01023/01025/index.html?lang=en&download=M3wBUQCu/8ulmKDu36WenojQ1NTTjaXZnqWfVp3Uhmfhnapmmc7Zi6rZnqCkkIN0g3yEbKbXrZ2lhtTN34al3p6YrY7P1oah162apo3X1cjYh2+hoJVn6w==" style="color: #de7008;">Declaration</a> of 2005. This Declaration probably represents the first official written attempt to encourage every government in the world to do something like this and this is an ambition that must be praised. Little further was heard about the progress of the Montreux Declaration until the International Privacy Commissioners’ Conference took place in November 2006 and the London <a href="http://ico.crl.uk.com/files/ComE.PDF" style="color: #de7008;">initiative</a> was presented. The London Initiative acknowledged that the global challenges that threaten individuals’ privacy rights require a global solution. It focuses on the role of the Commissioners’ Conference to spearhead the necessary actions at an international level. The international privacy commissioners behind the London Initiative argue that concrete suggestions must emerge in order to accomplish international initiatives, harmonise global practices and adopt common positions.<br /><br />One privacy commissioner who has expressed great interest in taking an international role aimed at developing global standards is the UK Information Commissioner. 
The Data Protection <a href="http://www.ico.gov.uk/upload/documents/library/corporate/notices/ico_dp_strategy_draft.pdf" style="color: #de7008;">Strategy</a> of the Information Commissioner’s Office published at the end of June 2007 stresses the importance of improving the image, relevance and effectiveness of data protection worldwide and, crucially, recognises the need for simplification.<br /><br /><strong>Way forward</strong><br /><br />The key priority now should be to build awareness of the need for global privacy standards. Highlighting and understanding the drivers behind this need – globalisation, technological development, and emerging threats to privacy rights – will help policymakers better understand the crucial challenge we face and how best to find solutions to address them.<br />The ultimate goal should be to create minimum standards of privacy protection that meet the expectations and demands of consumers, businesses and governments. Such standards should be relevant today yet flexible enough to meet the needs of an ever changing world. Such standards must also respect the value of privacy as an innate dimension of the individual. To my mind, the APEC Framework is the most promising foundation on which to build, especially since competing models are flawed (the USA model is too complex and too much of a patchwork, the EU model is too bureaucratic and inflexible).<br /><br />As with all goals, we must devise a plan to achieve it. Determining the appropriate international forum for such standards would be an important first step, and this is a choice that belongs in the hands of many different stakeholders. It may be the OECD or the Council of Europe. It may be the International Chamber of Commerce or the World Economic Forum. It may be the International Commissioners’ Conference or it may be UNESCO. Whatever the right forum is, we should work together to devise a set of standards that reflects the needs of a truly globalised world. 
That gives each citizen certainty about the rules affecting their data, and the ability to manage their privacy according to their needs. That gives businesses the ability to work within one framework rather than dozens. And that gives governments clear direction about internationally recognised standards, and how they should be applied.<br /><br />Data is flowing across the Internet and across the globe. That’s the reality. The early initiatives to create global privacy standards have become more urgent and more necessary than ever. We must face the challenge together.</div>
</div>
</div>
</div>
</div>
You can run, but you can't hide (published 2013-07-12T10:31:00.000+01:00)
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-B_b5ISfoRrc/Ud_L8EgcxKI/AAAAAAAAATk/pj7PYHqv_rk/s1600/Olympia.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="http://1.bp.blogspot.com/-B_b5ISfoRrc/Ud_L8EgcxKI/AAAAAAAAATk/pj7PYHqv_rk/s1600/Olympia.jpg" /></a></div>
<br />
<span style="font-family: inherit;">Government surveillance is running amok, worldwide. This is the sort of topic that Obama and I might have debated, when we were both idealists at our alma mater, Harvard Law School. </span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Revelations about US government surveillance continue to surprise in their scale and scope. We all now know that the NSA is hoovering up trillions of communications logs. We all now know that there are essentially no legal protections of non-US citizens from US government surveillance. We all now know that the FISA court, which is meant to provide judicial review of snooping on US citizens' communications, is little more than a rubber-stamp. We all now know that US government spying is directed at friend and foe alike. We all now know that the US government is bullying governments around the world to hand over the whistle-blower Snowden (forcing down the Presidential aircraft of a Sovereign State?), and most governments are collaborating meekly. </span><br />
<span style="font-family: inherit;"><br />As more people wake up to the idea of living in a Panopticon, one would think there would be a serious political debate about how to subject government surveillance to serious legal and judicial checks and balances. Where's the serious debate about finally updating <a href="http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act" style="color: #1155cc;" target="_blank">ECPA</a>, so that emails sitting in users' accounts do not lose most effective privacy protections after they're more than 180 days old? Where's the serious debate in countries around the world about their own governments' surveillance programs, not just about the Americans'? For example, the French privacy watchdog launched an investigation into <b>foreign</b> government surveillance, curiously <a href="http://www.cnil.fr/linstitution/actualite/article/article/creation-dun-groupe-de-travail-sur-lacces-des-autorites-publiques-etrangeres-a-des-donnees/" style="color: #1155cc;" target="_blank">excluding</a> France's own <a href="http://www.bbc.co.uk/news/world-europe-23178284" style="color: #1155cc;" target="_blank">recently-documented</a> surveillance programs. Where's the serious debate about whether Europe's much-debated privacy-law revamp has completely missed the boat by failing to address government surveillance? Where's the serious debate about whether US government surveillance makes a mockery of the long-debated, long-negotiated US-EU Parliamentary accords over the privacy safeguards governing US government access to Europeans' <a href="http://europa.eu/rapid/press-release_MEMO-11-60_en.htm" style="color: #1155cc;" target="_blank">Passenger Name Records</a> or <a href="http://www.euronews.com/2010/02/11/ep-ditches-us-swift-deal-on-bank-data-over-privacy/" style="color: #1155cc;" target="_blank">SWIFT</a> bank transfer data?</span><br />
<span style="font-family: inherit;"><br />I have long had a healthy wariness about governmental abuse of power. In my personal life, I've had a taste of what a government can do to prosecute an innocent person, sentenced to jail for a <a href="http://www.pcworld.com/article/2035387/google-video-trial-to-continue-to-italian-supreme-court.html" style="color: #1155cc;" target="_blank">non-crime</a>, then acquitted, and still being put through a decade of criminal justice hell. </span><br />
<span style="font-family: inherit;"><br />If the Snowden revelations do not suffice to create the political momentum to impose meaningful legal and judicial checks on secret government surveillance, then we're all on an unstoppable trajectory towards total surveillance. Or we can follow the lead of France's President, who expressed his outrage at revelations of US government spying by suggesting that trade talks with Les Americains should be subjected to a mid-July two-week delay. Take that! </span><br />
<span style="font-family: inherit;"><br /><span style="background-color: white; color: #222222;">Obama and I were at the same law school, and I recognize the skillset of my fellow Harvard Law School grad, where we were all trained in rhetoric, sometimes so empty that it would prompt even Ari Fleischer to zap (btw, no relation to me): "It's like George Bush is having his fourth term..." </span></span><br />
<div>
<span style="background-color: white; color: #222222; font-family: arial; font-size: x-small;"><br /></span></div>
Life in the Goldfish Bowl: Privacy in the Age of Government Surveillance (published 2013-07-02T06:50:00.000+01:00)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
As each day goes by, there are new revelations of the scope and scale of government surveillance. I had long known or suspected that all governments engage in secret surveillance, but the Snowden revelations are opening our collective eyes to how vast these operations have become. The limits on government surveillance seem to be set less by law or ethics than by the limits of the technical infrastructure to collect, store and interpret data. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The entire privacy profession needs to re-think its priorities in the Age of Government Surveillance. How does our use and development of technology change if people come to feel (rightly or wrongly) that we are all just goldfish swimming in a bowl of government surveillance? How do we ourselves change, in a basic sociological sense, if we think we're being watched? Are we being watched?</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The Snowden revelations are already having significant political impacts. Already, European officials are threatening to abandon the proposed Europe-US Free Trade Agreement negotiations. Already, people and institutions are re-assessing their <a href="http://www.nytimes.com/2013/06/30/opinion/sunday/germans-loved-obama-now-we-dont-trust-him.html?pagewanted=all&src=ISMR_AP_LO_MST_FB" style="color: #1155cc;" target="_blank">trust</a> in the US government. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Over time, I think we'll see a few long-lasting global trends as a reaction to these revelations about government surveillance (regardless of whether any of these actually provide for enhanced privacy or not):</div>
<div style="color: #222222; font-family: arial; font-size: small;">
<ul>
<li>There will be more development and adoption of encryption technologies, in particular, end-to-end encryption, and other privacy-enhancing technologies. </li>
<li>There may be a systemic decrease in trust and use of cloud-based services, like not trusting email with your sensitive communications. </li>
<li>There will be a series of initiatives to demand local-data-storage and to restrict international data transfers for cloud services, just as there are already calls to rescind the EU-US Safe Harbor Agreement. </li>
<li>There may be a series of trade-protectionist measures around the world in favor of local (i.e., non-US) companies. </li>
<li>There will be a series of criminal prosecutions, around the world, against companies and individuals, who will be caught in classic conflict of laws scenarios: testing whether their compliance with US legal obligations to comply with US government surveillance orders puts them in violation of other countries' privacy laws.</li>
<li>Finally, there will be citizen and civil society demands for increased government transparency and democratic control of surveillance programs. Some governments will respond and some will not.</li>
</ul>
<div>
For those of us who have a deep love for a free and open Internet, and a deep love for transparent and democratic government, it's all sobering. The ineluctable progress of technology means that the governments' abilities to capture, store, and analyze data will double roughly every 18 months, absent legal or political decisions to restrain it. </div>
<div>
<br /></div>
<div>
Some government surveillance is necessary and appropriate for governments to carry out their responsibilities to protect and defend their national security, but there's a reason John F. Kennedy didn't say: "Ich bin ein Ost-Berliner."</div>
</div>
It Gets Better (published 2013-06-28T14:40:00.000+01:00)
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
If there's anything I've learned in this half-century adventure of life, it's that being gay is no private matter. In this historic week, when the <a href="http://www.latimes.com/news/politics/topoftheticket/la-na-tt-supreme-court-prop-8-20130627,0,4719511.story" style="color: #1155cc;" target="_blank">"Defense of Marriage Act"</a> was struck down by the Supreme Court, I salute all of those people who have had the courage to stand up, publicly, and say: I'm gay, I'm proud, and I demand equal rights under the law. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I applaud all of those people who surrender their privacy to tell their stories, to show the world their all-too-human faces. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
It takes great dignity to show the world your battered face, bloodied in a <a href="http://www.thelocal.fr/20130606/the-face-of-homophobia-in-france" style="color: #1155cc;" target="_blank">homophobic attack</a> on the streets of Paris. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
It takes great dignity to show the world your raw grief at the loss of your <a href="http://www.youtube.com/watch?v=pR9gyloyOjM" style="color: #1155cc;" target="_blank">partner</a>. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
It takes great dignity to walk onto the pitch as a professional <a href="http://www.euronews.com/2013/05/29/gay-soccer-player-starts-first-match-since-coming-out/" style="color: #1155cc;" target="_blank">sportsman</a> to come out. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
The world is a richer place for the magnanimity of these people. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Being gay is no private matter. As each new person finds the strength and confidence to come out, as the laws evolve to provide dignity and equality for all of us, and as more and more of us share our stories, like my colleagues at Google: <a href="http://www.youtube.com/watch?v=pYLs4NCgvNU" style="color: #1155cc;" target="_blank">It gets better.</a> </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
Mirror, mirror on the wall, who is the ugliest one of them all? (published 2013-06-18T08:41:00.001+01:00)<br />
<div style="color: #222222; font-family: arial; font-size: small;">
Many years ago, a <a href="http://www.thelawyer.com/peter-fleischer-google/127727.article" style="color: #1155cc;">legal journal</a> called me a man on a "crusade" to protect users' privacy against government surveillance. That was back in 2007, and since then, the scale and scope of government surveillance have increased dramatically, just as the total amount of data circulating on the Internet has too. I've been blogging about it for years: <a href="http://peterfleischer.blogspot.fr/2012/11/should-you-cover-your-tracks-from.html" style="color: #1155cc;">Should you cover your tracks from government snooping?</a> </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Government surveillance is a worldwide phenomenon. The purposes of government surveillance vary from country to country, from the conventional to the creepy: fighting crime, preventing terrorism, spying on political opponents, stealing trade secrets. In short, everyone does it. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
There's always been more focus on government surveillance conducted by the US government, compared to surveillance conducted by other countries. That's understandable, because the US is a big country, with big companies, and big technology resources, but also because the US is comparatively transparent about its surveillance programs and the laws governing them, notwithstanding the recent revelations about certain secret programs. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
Transparency is the best answer to worldwide queasiness about government surveillance. <a href="http://www.huffingtonpost.com/2013/06/17/apple-nsa_n_3453183.html" style="color: #1155cc;">Various companies</a> are already publishing data (to the extent that the governments let them) about how and when they respond to government requests. However, I'm not aware of a single government that publishes credible statistics about its own surveillance programs. Governments are not telling their citizens what or how much data they're collecting, why they're doing it, or how long they're keeping it. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
In Europe, it's become a parlour game to debate and decry US government surveillance programs. By contrast, there's far less debate or transparency about European government surveillance programs. I can't even count the number of EU Parliament debates about US government surveillance, but I can't remember a single meaningful debate in that chamber about EU governments' surveillance programs. Similarly, media coverage focuses heavily on US government surveillance, and rarely asks hard questions about what other countries are up to, aside from the routine Chinese-hack-a-day stories. And side-lined, the data protection regulators are largely excluded from scrutinizing their own countries' surveillance programs. One of the few exceptions, Richard Thomas, UK Information Commissioner some years ago, tried valiantly to raise the alarm about the risks of "<a href="http://news.bbc.co.uk/2/hi/uk_news/6108496.stm" style="color: #1155cc;">sleep-walk into a surveillance society</a>". More typical, when the French CNIL was created four decades ago, it focused almost entirely on French government data collection and privacy, but today, the CNIL has shifted its focus 180 degrees and focuses almost entirely on private sector privacy issues. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
We need more transparency about government surveillance programs, not just in the US, but worldwide. As unsettling as some revelations about the US programs prove to be, it's even worse to know almost nothing about what all these other countries are up to. I understand that a public scandal a day keeps media coverage in play, but the super-secret surveillance programs in Europe and around the world need scrutiny. Thankfully, some legal experts, including privacy scholars at Hogan Lovells, are adding <a href="http://www.hldataprotection.com/2012/05/articles/international-eu-privacy/hogan-lovells-white-paper-on-governmental-access-to-data-in-the-cloud-debunks-faulty-assumption-that-us-access-is-unique/" style="color: #1155cc;">sober analysis</a> of the <a href="http://www.hldataprotection.com/files/2013/05/A-Sober-Look-at-National-Security-Access-to-Data-in-the-Cloud.pdf" style="color: #1155cc;">global dimensions</a> of this challenge to an otherwise shrill and polemical debate. There's no hope of getting transparency about government surveillance programs in China or Russia or Turkey, but there should be vastly more transparency in democratic, privacy-sensitive countries like those in Europe. For example, we know almost nothing about what the <a href="http://www.spiegel.de/politik/deutschland/internet-ueberwachung-bnd-will-100-millionen-investieren-a-905938.html" style="color: #1155cc;">German spy agency collects</a>, and there's very little public discussion of it, despite Germany being one of the most privacy-sensitive countries on earth. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
I've spent many years advocating for privacy protections against excessive government surveillance, in a global context. For example, in 2007, I was blogging about <a href="http://peterfleischer.blogspot.fr/2007/05/sweden-and-government-surveillance.html" style="color: #1155cc;">government surveillance issues in Sweden</a>. Only governments themselves can provide real transparency. Asking a company like <a href="http://www.huffingtonpost.com/2013/06/17/apple-nsa_n_3453183.html" style="color: #1155cc;">Apple</a> to explain US government surveillance is like asking a fish to explain what the fishing boat is doing. </div>
<div style="color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="color: #222222; font-family: arial; font-size: small;">
First, we need more transparency from governments. Then, we can ask the tough questions: Mirror, mirror on the wall, who is the ugliest one of them all?</div>
My favorite holiday photos, and a trillion others (published 2013-05-02T04:52:00.000+01:00)
<div class="separator" style="clear: both; text-align: center;">
<a href="http://4.bp.blogspot.com/-d8CxWksJZx8/UYHiAgG_iyI/AAAAAAAAATI/u6eRX5ZCaug/s1600/switz+-+italy+trip+Aug+10+589.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="180" src="http://4.bp.blogspot.com/-d8CxWksJZx8/UYHiAgG_iyI/AAAAAAAAATI/u6eRX5ZCaug/s320/switz+-+italy+trip+Aug+10+589.jpg" width="320" /></a></div>
<br />
<div>
<br /></div>
<div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
The two-centuries-long evolution of photography has constantly pushed the boundaries of privacy. At each stage of its evolution, photographing the world has become easier, quicker, more mobile, more ubiquitous, more systematic, and sometimes more furtive. And in parallel, technology has constantly evolved, to make it easier to store, share, tag, identify and analyze photographs at great scale. Throughout the evolution of photography, privacy has always depended on social etiquette to regulate what people should and should not photograph, and should and should not share. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
Some places, like my swimming club, have long had rules against photographing. But all the rules in the world will do almost nothing, unless individuals exercise self-restraint in what they choose to photograph, or not, and what they choose to share with other people, or not. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
This process has been going on a long time, and it will continue. In the near future, can individuals lifeblog photos or videos of everything and everyone they see? Technology will enable it. Some people will love it. So, once again, the question will be how social etiquette evolves in parallel to the technological evolutions. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
In privacy terms, we generally look to consent from data subjects to legitimize data collection. But what about random people photographed in public places? Practically speaking, it's not possible to obtain their consent to photograph them. We live in a world with literally billions of people carrying cameras, built into small devices, with instant Internet connections. Our world is becoming more transparent: do the math, with billions of people, all snapping thousands (or someday, millions?) of photos. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
You can debate, and to some extent regulate, the collection of photos by large entities, like governments and companies, using drones or surveillance cameras, but you can't control what billions of free human beings will photograph and share. Over time, governments and companies will try to figure out how they can analyze these mountains of crowd-sourced user-generated photos for their own purposes. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
As always, expectations of privacy are heavily cultural. Technology will continue to evolve. Expectations of privacy will sometimes collide with the technology, and each will influence the other. Sometimes, technology will just be a few years ahead of the social consensus evolving to accept it. Sometimes, it will be a generation ahead. We're quickly moving from a world where billions of photos are published online, to a world of trillions. Technology will follow its ineluctable and unpredictable logic.</div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
As humans, we learn when it's rude to peep. That's a super-subtle human-cultural contextually-dependent evolving social convention. You can't (yet) teach a machine to know when it's rude to peep, or when it's rude to photograph someone's private moment in a public place. But you can teach fellow humans. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
Smile!, as you think of 5 billion humans who will be roaming the earth photographing everything and everyone they see. </div>
<div style="background-color: white; color: #222222; font-family: arial; font-size: small;">
<br /></div>
</div>
The Saga Continues...now to the Italian Supreme Court (published 2013-04-17T09:00:00.000+01:00) <span style="font-family: inherit;"><br /></span>
<span style="background-color: white;"><span style="font-family: inherit;">In December of last year, an Italian Court of Appeals <a href="http://www.nytimes.com/2012/12/22/business/global/italian-appeals-court-acquits-3-google-executives-in-privacy-case.html?_r=1&">overturned</a> my conviction—as well as that of two other Googlers—for violating Italian privacy law in a case that stemmed from a user-uploaded video. I was pleased that well-reasoned <a href="http://peterfleischer.blogspot.de/2013/03/a-glorious-day-for-free-internet-in.html">legal principles</a> had prevailed, and was hopeful that that would be the end of this long saga. Last week, however, the Italian prosecutor appealed the Court’s decision to the Court of Cassation (the Italian Supreme Court). This case, unfortunately, is not over. In its appeal to the Court of Cassation, the Italian prosecutor asserts—in addition to arguing that employees like me can be held criminally responsible for user-uploaded videos that we had no knowledge of and nothing to do with—that platforms like YouTube should be responsible for prescreening user-uploaded content and obtaining the consent of people shown in user-uploaded videos. I, and the many others who have voiced their support, view this as <a href="http://peterfleischer.blogspot.de/2012/12/my-italian-appeal.html">a threat to freedom of expression on the Internet.</a> I’m disappointed that this case is not over, but continue to believe that ultimately justice will prevail. </span></span>