Here are my running notes of the Lift conference in Geneva. This is Privacy vs. Freedom of Speech, Law enforcement and the internet (Alexander Finger). May contain errors, omissions, things that aren’t quite right, etc. I do my best but I’m just a human live-blogging machine.
Found other good posts about this session? Link to them in the comments.
View presentation slides.
Google data requests and removal requests. Alexander tried to normalize the data (per million connected, etc.) Huge number of data requests per million connected in Brazil (59.3) and the UK (25.5). Explanation for UK: well organized, so when you ask for data you get it. France (24.2), Germany (8.7) — maybe a language issue.
Now, removal requests: very high in Armenia (53.4, but very low internet penetration). Brazil (4.7) and Germany (3.6 — if somebody writes something about you that you don’t like, you can go to court to have it taken down).
Alexander now works for Billag, but was the IT manager for Swisscom before — this talk is more linked to this previous position.
*participants introduce themselves and say a few words on what they think about privacy; consensus: it’s complex; me: I’m starting to be sick of hearing about it and being asked to talk about it*
Two days ago: myth of a disappearing privacy (it’s being redefined, actually) vs. start of the post-privacy era. One big issue for Alexander: forgiveness. *steph-note: one issue here, the link between forgetting and forgiving*
Alex thinks that Christian made the post-privacy thing a bit easy.
Issue, particularly for young people: we’re defined by others’ expectations of us, and all this online presence prevents us from “cutting loose” or “starting fresh”.
*from now on, we’re talking quite a lot, so my notes are fragmented and also contain ideas that pass through my head*
Maybe the most important thing is not how much information about you is available online, but how consciously you are doing it, and how aware you are of the implications.
Logfiles. When you send an e-mail or load a web page, the server knows stuff about you. Some browsers allow you to spoof info.
Problem: colliding information. Putting things together.
Being public about the fact you’re at a conference can let ill-intentioned people plan a break-in at your appartment, but they don’t know if there is a cat-sitter there, and also, your neighbours might also have this information and call the cops if they hear noise when they know you’re supposed to be away.
Privacy: the ability to reveal oneself selectively.
Bothering: people indexing sites who merge different people with the same name.
Drowning out information online with fake information.
European Convention on Human Rights: right to privacy.
Freedom of speech. In practice, it’s not absolute in any country, and subject to limitations.
Law enforcement. If you create an organization it will strive to keep itself alive. More policemen => more crime. Definition of crime changes with time. Our level of freedom is becoming narrower.
With the internet, it’s less easy to prevent unwanted expressions from being publicized. You could forbid printing and forbid selling.
The traditional strong influence of governments on communication is fading. It’s not a public service anymore. (In Germany, in particular => one of the reasons it’s been “behind” with the internet at the start.)
Importance of the liberalization of telecom.
Laws don’t normally address a specific technology. New technology is not a legislative but a law enforcement challenge.
Freedom of speech collides with privacy. Wide terms!
Is an IP address personal data? Personal data is subject to privacy. In Germany, if somebody publishes something and then is asked to take it down, then he is assimilated to being the person who *said* it => which is why so many takedown notices succeed in Germany.
Expressing an opinion about a business or a product can infringe the right to freely exercise that business. Hard to navigate between opinion and factual statement. A false factual statement does indeed infringe the rights associated with the business. (In Germany.)
It’s a hard world to navigate for companies! They don’t give a sh** about our privacy. When they are challenged to hand out user data, they make a risk assessment. Competing rules: Penal prodcure code and Penal law vs. Privacy Laws and Penal law. The prosecutor could ask the company to be a witness and hand over information. You can only refuse to be a witness if you would expose yourself to prosecution. (See where this is going?) If a company refuses to be a witness, you can be arrested, subjected to a fee etc => for a company, this is carried out on the managing director.
If the company agrees to be a witness, but refuses to talk, obstruction of justice, up to five years or fine (still the poor managing director).
So, not answering questions can lead to personal arrest and fines, and upto five years in prison. *steph-note: see why they hand over your data?*
Companies need to balance this pressure with the cost of violating somebody’s privacy: upto five years for violating secret of telecommunication (law created to prevent eavesdropping); data capture = two years or fine; illegal collection or mishandling of data = fine up to 50/100K€.
Alex: there is nothing new here (it’s just new to us because it’s the internet, but the laws are general).
Highly unlikely that any company would be punished for violating privacy, because they would have handed out the data *in good faith*. They didn’t do it to benefit financially. Choice: go to jail or pay a small penalty => they choose to hand over the data.