Thursday, July 12, 2012

NetHui Part 5 - Jurisdiction

And finally, I'm back to the start of the day. Actually, I'm going to combine 2 separate sessions into this post as they were related. Ha! That's got to be a record for me. 5 posts in a day.

One of the keynotes (the other keynote for today doesn't bear speaking about - it was lip service to the fact that there was a conference about the Internet going on. So glad the Mayoral office put someone up) was an American woman, the former U.S. Federal Trade Commissioner, Pamela Jones Harbour talked about how there are efforts to clean up privacy laws multinationally.

What was really interesting was the fact that Google, Facebook and Twitter had all received penalties from the FTC for breaking their own privacy policies. In the case of Google, it was during the introduction of Google Buzz. I remember it - I suddenly found a plane showing the names of a bunch of people and we'd discussed how to disable this annoying thing that had suddenly shown up in our Gmail pages which we'd never enabled. Anger and frustration that we had to opt out...

There was also a lot of talk around 3rd parties (those that the data won't be shared with) and affiliates (those who that data will probably be shared with). I've never really understood the difference. It's a tighter tie. Google has over 60 different services/affiliates with which it can share it's data with without breaking it's privacy policies (the situation is worse than you may think having just read that figure. Remember the unification of the privacy policies?).

She also stated that the Internet is the 5th largest industry (though I can't find any figures to back this up). Assuming that this is true, we'd have to take it as a primary industry. i.e. oil, gold, coffee, coal etc. The term "data mining" seems oh so very apt. Instead of the earth being dug up for these things, it's us - our information, that's the resource being sought.

Let's think about that for a second.

Someone pointed out that she didn't have to have a Facebook account for a picture to be tagged as her (and no recourse to get it removed or untagged) - even though she's avoided ever having put a picture in public online.

Every time I get on a bus I swipe a convenient card which records where I got on and where I get off. This information is visible to me so I know it's been collected.

Google knows my phone habits - who I call. Given their unscrupulous nature (i.e. recording information on wifi routers when doing Street View drive bys), they probably also know how long each phone call was. This is over and above my cellphone service provider who also collect this information (otherwise how would they bill for it?).

Advertising companies everywhere can probably paint a fairly accurate picture of which websites I visit and when given the use of cookies.

My cellphone is also a GPS device which is quite capable of recording where I am and when I was there. How do I know this information isn't being synced to my ever so convenient Google account? Remember - Google were in trouble for breaching their own privacy policy.

A couple of years ago I went to a meeting where a "service" had been described as a bad idea on steroids. Basically twitter for your credit card. It's possible to track credit card purchases.

So much information! And those are just the ones I know of or suspect! Remember what I was saying about corporate creepiness?

It's all very nice that the FTC seem to be moving to tighten up the privacy around these services, but, I'm in New Zealand. And let's face it - it's all moving rather slowly. These penalties were received well after the act. What interest does the FTC really have in protecting the privacy of New Zealanders?

There was talk about negotiations for an international privacy framework. While it seems like a good idea, there are concerns. Firstly, it's unlikely to be negotiated in a transparent way (I believe it is currently in the works though I can't remember the "letters" for this one). Secondly, there's always the risk with such international treaties that the U.S. will flex it's "Intellectual Property" muscles and slip other, further reaching, clauses into such an act under the guise of privacy.

When asked about the U.S.'s bargaining power in relation to New Zealand's and how New Zealand's best interests can be protected in such an act, Pamela flattered (read: "politicianed" her way through without answering the question) New Zealand in saying that we were one of the most outspoken during negotiations and that Marie Shroff's input was respected.

So we come to jurisdiction. How is bad behaviour handled on the Internet? In New Zealand we are looking at a Communications Minister and a Communications Commission. This would be a lower court designed around being cheap and speedy. The question is, what constitutes "bad behaviour" severe enough to go to this court? What remedies, given that the crime has already happened, and it's very hard to take content off the Internet once it's out there, would be available to such a court?

I can't help but bring up an example of something that could be considered defamatory in the course of this presentation. The host, Judge David Harvey, said during the course of the session:
The problem is not technology. The problem is behaviour. We have met the enemy and he is us.
This was tweeted. Right now I can throw the following terms into Google: "judge david harvey the enemy us" - and the first hit leads to a tweet that says:
We have met the enemy and he is the US
Sound like defamation? Given his dealing with the Kim Dotcom case, this could have some interesting consequences.

Just a note about the quote. It's an extension of a Pogo quote (a comic strip done by a man by the name of Walt Kelly).

To be completely honest, the session was scattered. It jumped around. There was no cohesive discussion going on. What it did bring up though was that the jurisdiction of such a court is problematic. Extraditions on people outside of New Zealand who are breaking NZ laws under our requirements? Take down orders - fair enough. But what if the accused doesn't comply? If the server is outside of NZ jurisdiction, what recourse does this court have to have that "information" removed?

Let's face it. We're in the age of the cloud. There are no longer any easy answers and the physical jurisdictions no longer really apply. So how would/should these issues be tackled?

Amendment 15/07/2012
Apparently Judge Harvey did substitute in "the US" into that quote during a panel discussion. Oh - and he's become a bit of a hero for me (if only I could get him to now wear a cape). I was saying to a friend today that I want to be Judge David Harvey when I grow up.

No comments:

Post a Comment