http://news.bbc.co.uk/nol/shared/spl/hi/programmes/analysis/transcripts/05_0... _04.txt Please note that this is BBC copyright and may not be reproduced or copied for any other purpose. RADIO 4 CURRENT AFFAIRS ANALYSIS PROTECTING PRIVACY TRANSCRIPT OF A RECORDED DOCUMENTARY Presenter: Frances Cairncross Producer: Chris Bowlby Editor: Nicola Meyrick BBC White City 201 Wood Lane London W12 7TS 020 8752 6252 Broadcast Date: 05.08.04 Repeat Date: 08.08.04 Tape Number: Duration: Taking part in order of appearance: Saul Klein Former Adviser on privacy protection at Microsoft Jonathan Bamford Assistant Information Commissioner Caolfhionn Gallagher Privacy Lawyer with Liberty Peter Swire Law Professor at Ohio State University Former Privacy Adviser to Bill Clinton James Harkin, writer and researcher on social trends Alistair Crawford Chief Executive Officer of 192.com CAIRNCROSS: Got your mobile phone switched on? If so, then somewhere there is a stranger who knows where you are. The electronic networks that link us together in so many convenient ways also peer into our lives even when we don.t realise it. KLEIN: The way it is is that you are being trapped, you are being monitored, you are being watched. And technology has the ability not just to do all of that but, nowadays, to do it in a way where all of that data can be stored and managed and manipulated at incredibly low cost; and not just by government any more, but by private companies as well. CAIRNCROSS: Saul Klein knows lots about what technology can do: he used to advise on privacy protection for Microsoft, the world.s biggest software company. All this tracking, monitoring and watching is a thriving commercial business. Government does it too and this has enormous consequences for people.s privacy. Jonathan Bamford is Assistant Commissioner for Information, which means that his job is to help the British government think about how technology affects privacy. How valuable is it? BAMFORD: It.s something that people cherish. I think it.s something that we do need to safeguard. I think it.s important to recognise that privacy, rather like trust and confidence - once you.ve lost it, it.s very, very difficult, if not possible, ever to regain. It.s something we need to work hard not to lose in the first place. CAIRNCROSS: One of the most powerful symbols of intrusion into privacy has been the ability of the authorities to watch over us. In that sense, George Orwell.s Big Brother is alive and well, and gleefully acquiring all the latest gadgetry. There are close-circuit television cameras on almost every street corner, speed cameras, and cameras that monitor people entering London.s congestion charging zone. Caoilfhionn Gallagher is a lawyer with Liberty, a campaigning group on civil liberties, and follows the latest monitoring technologies. What are her current concerns? GALLAGHER: The first one would be a very high tech new x-ray system that.s been developed and it.s being rolled out across the UK. And essentially what it involves is a virtual strip search. And people are unaware that it.s happening, which is of course the problem with a lot of these technologies . that while people.s rights are being invaded, they.re actually unaware of it, which is extremely unusual. But it.s a virtual strip search without any of the safeguards that accompany a traditional strip search. And another good example would be a US one, which is thermal imaging technology; and thermal imaging technology can monitor from the outside of a building how heat is generated within the building. While that might sound quite mundane, it.s been used for law enforcement purposes in the US to check up on houses where it.s suspected that cannabis is being grown, for example. If cannabis is being grown, there.ll have to be very high heat lamps being used. And what US law enforcement have started doing is using that imaging to monitor a suspect.s house without actually going and getting a search warrant or going through any of the traditional safeguards. CAIRNCROSS: But it.s not just officials who use new kinds of hi-tech spying in special circumstances, to keep watch at airports or on potential crooks. Every day, in myriad small ways, people give up some privacy. One of the latest intrusions is the camera phone, which allows a stranger to photograph you and send your picture to somebody you have never met without your knowledge. Is this a new threat, or merely an extension of an old one? Peter Swire, a professor at Ohio State University, who advised President Clinton on privacy issues. SWIRE: The big threat of the camera has been a big issue, but it was really a big issue about 1895 and that.s when Justice Brandeis, who later became Justice Brandeis, wrote his Right to Privacy article in the United States. He was worried about the cameras that were being used to look at the upper class people in Boston, and he thought this was a terrible threat that people walking down the street or being in their back garden could be taken pictures of by these cameras. The conclusion he came to is that we needed to have legal protections for privacy and called that The Right of Privacy, which he later called .the most precious of rights, the right to be let alone.. But then in the last period of years, we.ve really tried to figure out what it means to have information privacy or data privacy or what in Europe.s often called data protection. And I think the issues you.re asking about are really what about this data protection, how are we going to come up with new rules for our electronic age? CAIRNCROSS: What is different about this electronic age is the way that ever more powerful computers can process not just your image but also all kinds of other personal details. Your name and sometimes your face is already on any number of interconnected databases. When you use a plastic card to make a purchase, or go to a web site on the internet, or make a phone call, your movements will usually be recorded. Ring a call centre for a personal loan, and your name and address will swiftly tell the operator about your existing debts. How worried should we be about this loss of privacy? And can it be halted? Or should it be accepted as the price we pay for enjoying new technology.s potential to link us instantly with the world around? For example, mobile phones allow lots of people to reach you . and some to know where you are. James Harkin wrote a recent report for Demos, a think tank, called .Mobilisation., in which he celebrated the potential of life linked into new mobile networks. HARKIN: I mean it.s already possible, presumably, for you to pass a local retailer and get an offer of twenty percent off discount goods. If we could have location best services sent from local museums, places of historical interest, really all we would be doing would be completely re-mapping the city. CAIRNCROSS: I don.t think I want very much to be telephoned as I.m walking past a store and told there.s a special offer there. Are there other kinds of service that people are already using that rely on the fact that somebody knows . the mobile phone knows where they are? HARKIN: In Scandinavia and in Japan, you have services whereby young people can pass along street corners and they can be automatically hooked up via location based tracking to someone who meets their personal profile for the purposes of dating or finding a friend. CAIRNCROSS: So if Mr Right is just around the corner, your phone rings and tells you? HARKIN: Indeed - if you want that, of course. All of these things have a switch off mechanism, so people shouldn.t be too afraid of what they might find in a shopping mall. CAIRNCROSS: All these delights are available only to those who want them. In Britain, unlike some other countries, blue-jacking . using a technology called Bluetooth to send unsolicited messages to mobile phones . isn.t allowed. Companies that want to send advertisements to your mobile must first secure your consent. We may be happy to give up a bit of privacy in exchange for finding a bargain or a boyfriend. But the technology potentially changes not just our relationship with people who want to sell us things. It could also change the relationship between parent and child, and between boss and employee. Take, for example, the services offered by 192.com, a company whose main business is directory inquiries, but which is branching out to offer ways for people to track a mobile telephone on the internet. So a parent can locate a child, and a boss an employee. Alastair Crawford, founder of the company, is thrilled by the possibilities. CRAWFORD: We can track a mobile phone even if it.s not in use. As long as the phone is on, we can track it every minute of the day . in rural countryside, in cities. And, for example, in London we can track it right down to if somebody was in, for example, Earl.s Court Exhibition Centre, we can know they.re in that building. In rural countryside, it.s a little bit wide . I mean we.d know what hill they.re on. CAIRNCROSS: Now that.s wonderful if you.re a parent worrying about your child. But another usage is for companies to track their employees. And I think you suggest it is a way of making sure that your employee is secure if they are late returning to the office, but you and I know that what employers really want to know is is the guy in the pub or is he doing what he.s supposed to be doing. CRAWFORD: Yeah. CAIRNCROSS: The employee, presumably, doesn.t necessarily consent to being on the receiving end of this tracking system. Isn.t that a bit problematic in privacy terms? CRAWFORD: Well what we.re doing is we.re actually sending messages on a regular basis to phones to make sure they continue to consent. The employee would then receive messages saying that that phone is being tracked. He needs to know that that phone would have to be the company.s property, so really you know another way of looking at it is saying the company has a right to know where their property is. Obviously this is tracking which is during office hours, and it.s all been approved by the Information Commissioner who.s studied it very closely. CAIRNCROSS: On one estimate, 40,000 employees are now tracked this way. How far employers can invade the privacy of their employees is an especially tricky area for debate. The technologies now used in many workplaces allow all kinds of surveillance. The rights and wrongs are much less clear-cut in people.s minds than issues about privacy in the home. Because it.s an area that people haven.t thought about much in the past, the Information Commissioner.s Office has been working on new guidelines. So where does Assistant Information Commissioner Jonathan Bamford think that bosses should draw the line? BAMFORD: I don.t think that I would subscribe to the view that when you walk in through the front door of the office or the workplace in the morning that you give up all your rights to privacy. There.s no way that an employer should know everything about your affairs, I don.t think. The question is where.s the balance struck? If you.re using the employer.s resources for certain activities, I think it.s right they have some interest and control over those. If you.re going to damage the reputation of an employer by your actions in some way, it.s right that they have some interest in that. It.s where.s the balance struck. I don.t think it.s sensible from either party.s point of view to foster mistrust and create problems there as a result of some heavy handed monitoring system. CAIRNCROSS: Whatever the reservations about monitoring workers, tracking technology is advancing rapidly. It has all kinds of potential uses. Minute electronic tags placed in products will make them . and their users or owners . more traceable in the future. The government is thinking of using tracking much more extensively to keep tabs on offenders or perhaps even on asylum seekers. All this, argues Peter Swire, makes the defence of basic privacy principles in this area especially important. SWIRE: To start with an assumption that tracking is the norm, I think leads to the powerful to remain too powerful. People start to be chilled in how they feel they can express themselves, where they feel they can go. If they go to the wrong store or the wrong neighbourhood now, it.s on their permanent record. I think that could really affect the sense of freedom in a free society that we.d like to have. CAIRNCROSS: An increasing problem in privacy protection is the blurring between official and commercial information, as public databases acquire private uses. People who supply information for one purpose aren.t aware that it might be used for another. If I want to find out where you live, then even if you are ex- directory and not in the phone book, you will probably be listed on some electronic database if you.re on the electoral register, or if you are a company director who has to register a home address. True, you have some opportunities to block this kind of searching if you know it might happen, and you can also discover who has been searching for your information. But people don.t submit their details to the electoral register or to Companies House in order to help strangers who want to track down their address. Some companies recognise that they need to impose restraints of their own on the exploitation of customer information. Saul Klein now runs a DVD rental company called Video Island that does just that. KLEIN: One thing that is clear to a lot of companies born in the last ten years is that data and privacy is predicated on the notion of, one, is informed consent; and, two, the notion of value exchange is that if you.re asking someone for a piece of information then you have to be giving them something valuable back in return. You.ve got to be personalising their experience for them, you.ve got to be you know sending them an airline ticket, you have to be performing some kind of a valuable transaction. CAIRNCROSS: Over at 192.com, Alastair Crawford is not surprisingly keen to emphasise the valuable transactions that he has to offer his customers in exchange for their loss of privacy. CRAWFORD: People generally you know are not looking up people for anything other than good reasons. You know people are looking up old school friends, they.re wanting to check that you are who you say you are. They.re looking for evidence that validates the information you.re giving us. So I mean almost all the applications are good applications. When people remove themselves from the electoral roll it.s harder to get credit, it.s harder to prove who you say you are, you know. And why are you doing that? I mean you know removing oneself from the electoral roll is the sort of thing that fraudsters do and terrorists. CAIRNCROSS: But there.s an assumption that if you want to protect your privacy you must be a fraudster or a terrorist, isn.t there? CRAWFORD: Not at all. You know your name and your address is hard. it.s not private. I mean your name - it.s not biological data, it.s not sort of your medical files or your private financial information. You know people get confused between privacy as in terms of you know what happens inside my house or my bank records and so on and so forth with you know simply my public label of who I am and this is where I live. It.s a basic database which the economy needs in order to function, which people need because people need to get in touch with people. CAIRNCROSS: The problem is surely what happens when information that has always been publicly available, such as the electoral register, is put on an electronic database. Searching it becomes immensely fast and convenient. So it.s suddenly available to many more people, for many more uses than before. Once a technology exists, it.s tempting to use it. And the uses for a new technology may not be apparent until some time after it.s been invented. The astonishing popularity of sending text messages from mobile phones caught the industry totally by surprise. And only belatedly did Samsung, one of the big manufacturers of camera phones, wake up to the fact that they could be used for industrial espionage. It.s now banned them from its offices. The response of Scott McNealy, boss of Sun Microsystems and one of the most outspoken figures of Silicon Valley, to the challenge from electronic devices was famously blunt. .You have zero privacy,. he said. .Get over it.. Does Saul Klein, who once worked for Sun.s rival, Microsoft, share that view? KLEIN: You know what Scott McNealy said is completely glib. It.s not a case of get over it. I would say it.s a case of understand it, engage with it, help to sort of shape the environment and the implications of it. I think you know the key issue here is that regulation or regulators. knowledge and understanding of these issues lags well behind people.s use and technology.s ability to sort of bring forward some of these issues. What.s happening here is that people.s access and technology.s ability is moving far faster than either companies or governments. abilities to shape and regulate. CAIRNCROSS: Once the astonishing innovation of recent years settles down and we all grow used to the implications of electronic novelties, we.ll be better able to think up ways to deal with the issues they raise. One question much discussed in the high-tech world is the extent to which electronics can both undermine privacy and paradoxically protect it. Saul Klein thinks such principles might be broadened. KLEIN: In any regulated environment, you have your private space but you cede elements of access and control to that private space to other people or to companies or to institutions, and that.s just the nature of living in a society. What privacy technology.s allowing you to do is to decide who you want to share that space with. I think what the internet has created is a sense of personal space that is not necessarily physical. It.s a space that is remote from you, and that can be a place where you store your photos on the internet, it could be a place where you store your e-mail, it could be a place where you store all your correspondence. And then the question is who do you trust to help manage or control access to that personal space? CAIRNCROSS: Does that mean that the protection of privacy from the activities of nosy companies can safely be left to the market? Can people be left to choose how far they want to live in the backwoods and how far to enter the intrusive electronic world? Jonathan Bamford. BAMFORD: There.s self-interest for business and for governments in having the confidence of the people who they.re doing business with, but I don.t think you can just leave it to chance. I think we need data protection laws and regulatory bodies like the Information Commissioner to supervise the legislation to make sure people comply with it. I think in other areas, such as the US where they don.t have general data protection laws, you.ve seen companies there seeing the competitive advantage out of having strong privacy policies. But I think really we can.t just leave to chance the protection of privacy as a commercial advantage. I think we need at least a bottom baseline in data protection law to make sure that privacy.s not just for the virtuous; it.s actually for those who are required to comply with laws as well. CAIRNCROSS: For a regulator, perhaps that.s a predictable response. But it highlights one regulatory problem: the different approaches of different countries. The internet has little respect for national boundaries. But the legal treatment of privacy varies on the two sides of the Atlantic. Peter Swire has written a book comparing the European and the American approaches. SWIRE: The European Data Protection Directive, which went into effect in 1998, begins with the idea that basically all data in the commercial sphere, all data that.s being out there ought to be under a legal regime, and that legal regime has data protection commissioners . the registrar in Britain and so on. So this has an idea that there.s a comprehensive legal scheme. In practice, it.s gone somewhat well, in many instances, but probably lots of individual companies, lots of individual databases get operated without people being too darn careful about how they.re complying with the directive. The American approach has been quite different. There.s been a real reluctance to pass a comprehensive law. There.s been a fear, a sort of American laissez-faire approach - a fear that that would be too regulatory, would get the government too deep into people.s affairs. CAIRNCROSS: Do people really care about this issue? Is it something that worries ordinary folk or is it something that mainly worries campaigning organisations or individuals who.ve had particularly bad experiences? SWIRE: I think it worries ordinary folks. Leading up to the year 2000, the Wall Street Journal did a poll that asked what Americans feared most in the coming century, and the answer that got the biggest response, even ahead of global terrorism and such things, was erosion of personal privacy. And so I think that shows a widespread concern that somehow our sense of being is under assault from all these changes. Somehow we need to find ways to balance the power so individuals have a sense of freedom in the future. CAIRNCROSS: But today, people worry a lot more about terrorism than they did in the innocent days of 2000. Since the horror of 9/11, governments under pressure to fight terrorism are likely to use any weapon available, including the tracking and monitoring techniques that the private sector has developed for financial gain. Does this mean that governments are a bigger threat to privacy than private companies and their customers? Caoilfhionn Gallagher, privacy lawyer with Liberty. GALLAGHER: I think there are very large distinctions between government privacy issues and corporate privacy issues. Firstly, with a corporate privacy issue, you have a choice. You have a choice when you go into Sainsbury.s whether or not to actually go ahead and get a reward card, and you can weigh up yourself whether a potential impact on your privacy is worth you getting say a bottle of wine every three months at a lower price. However, when you.re dealing with government I think there.s very different concerns because in relation to government use of this data, the citizen doesn.t have the same kind of bargaining power that the Sainsbury.s customer does or that the mobile phone customer does because essentially you.re in a contract which is binding and from which you can.t escape. And quite often the expansion into the private lives of citizens, because it happens in an incremental way and often the information seems quite mundane, people don.t seem to realise quite what.s happening. It.s a moment of epiphany in which people realise that there.s a shift from a private society to a public one and so on, or to a transparent society, but it.s kind of being nibbled away by degrees. CAIRNCROSS: And often with popular consent. The fear of crime, and especially of crimes such as the Soham murders, creates a clamour for measures that nibble away privacy even further. When people say, .Nothing to hide, nothing to fear., you know that they.re trying to justify such measures. What does Caoilfhionn Gallagher make of these arguments? GALLAGHER: Obviously the implication of the theory of nothing to hide, nothing to fear is that privacy is a right which protects the guilty; privacy is a right which protects Ian Huntley rather than a right which protects the average, ordinary, law-abiding member of the public. But I think that that rationale is deeply flawed and that the average law-abiding citizen does have much to fear actually from privacy invasion . not because the citizen intends to do anything wrong or has done anything wrong, but I think that the state should assume that all individuals have nothing to hide unless it has a specific compelling reason to believe otherwise. SEGUE CRAWFORD: If you look back at the days when the phone book was first put in payphones in every street corner for anybody to look in, people were initially shocked at that idea. But actually this is the difference between perceived fear and real fear and everybody.s very concerned about eroding privacy. So it.s a very tough balance and, as we.ve seen in the past, that balance has moved. I mean five years ago, you could never have tracked a mobile phone; but then after the Soham murders, you know people now realise that there.s an enormous demand. Parents want to know where their children are. If their children don.t come home in the evening, they want to go to the internet and see where the mobile phone is. It.s completely secure. Society now demands a new balance. And in future that balance may change again. We have to just have to be responsive. CAIRNCROSS: Alastair Crawford. Others also think that the threat that new technology poses to privacy is greatly overblown. James Harkin believes that it springs from a mixture of anti-technology phobia and social panic. Take, for example, the fear of mobile phones as portable spy cameras or sinister tracking device. HARKIN: There seems to be huge and very needless social panic surrounding mobile phones, which say much less about mobile devices than they do about ourselves. Now I don.t know of any case so far in Britain of mobile tracking being used by a paedophile, I don.t know of any case in which a paedophile has used a picture message to photograph a child. And yet in February 2003 when these devices were coming on screen, you had these charities calling for a ban on picture messaging or limits on location tracking technology. And there were really no instances of this happening. I think that says quite a lot about our rather Luddite approach to new technologies . that all we can think of is that paedophiles might want to use these things. CAIRNCROSS: That note of caution may be justified. But few people imagined, in the internet.s early days, that criminals might want to use it to abduct youngsters or that teenagers might use it to view pornography. There have been some unpleasant surprises for advocates of new technology in the way that some choose to apply it. The big question is, are people prepared, in the name of privacy, to restrict the use of technologies that many find beneficial, or even liberating? Peter Swire thinks that public concern for privacy will assert itself as it has in the past. SWIRE: In the 1960s the big fear was that lie detectors would become part of the daily life of the workforce, but as a society we.ve decided we.re simply not going to do those kind of lie detectors, we.re not going to let the boss do that as part of the daily routine. And I think we.ve decided for internet surfing that at least the internet service providers in the United States do not keep track of every website I go to. That was a business decision that people wouldn.t use the net if they were being tracked. So I think periodically, but significantly, we have these victories. We carve out a space where surveillance isn.t going to happen. And privacy.s the word we use for these debates for this era . how we.re going to fight back, how we.re going to create a balance of power that leaves us with a sense of a free society. CAIRNCROSS: The trouble with Professor Swire.s optimism is that one of his examples, foregoing lie detection, may merely reflect the inadequacies of 1960s technology. As the electronic kit gets better, the temptation to use it will increase. Insurance companies are already experimenting with electronic means to discover if people who phone them with insurance claims are telling the truth. And most of the important websites you visit will discreetly leave in your computer an electronic calling card that says you have been there. So what can society do to reconcile the efficient use of new technologies with the traditional idea of a private life? Regulator Jonathan Bamford. BAMFORD: I think we have to recognise the fact that if people want to live lives the way they choose to, exploiting modern technology like the internet, like using mobile phones, all those other things which people see as bringing benefit to their lives, there.s potentially a danger there that enables their transactions to be tracked, recorded. I think the important thing is that whilst that potential for privacy.s been eroded, that actually there is a robust data protection regime which essentially provides that element of space for individuals, so there.s not an unwarranted infringement of their privacy. If a mobile phone record is necessary to deal with a very serious crime like a rape or a murder, then that.s something which I think as a society we.d accept there.s a warranted intrusion into people.s private lives. But that isn.t the same as that information being fair game more generally for commercial purposes or more generally for government purposes. CAIRNCROSS: Self-restraint in the use of a powerful new technology is incredibly difficult. Imaginative regulation is certainly worth a try. But, if monitoring and tracking bring benefits, to commerce or to public safety, there will be huge pressure to use it. The limits on personal privacy have shifted permanently. We.ve left the relative anonymity of the 20th century free world and we.re returning to the days of the village, where everybody knew a lot about what everybody else was doing. But, whereas it was possible then to escape the village and hide from view, now we may no longer have that option . at least, not if we want to take full advantage of the benefits of the electronic world. 13 -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07078, 11.61144 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net [demime 1.01d removed an attachment of type application/pgp-signature]