CILIP North East debate on Thursday, 23rd March, 2017, at The North of England Institute of Mining and Mechanical Engineers, Newcastle upon Tyne.
Chair: Dr Biddy Casselden, Senior Lecturer, iSchool, Northumbria University
Proposer: Ian Clark – subject librarian at East of London University and co-founder of Voices for the Library
Seconder: Alex Haydock – recent law graduate, specialising in technology and internet law. Organiser for North East section of the Open Rights Group, and works together with CryptoParty Newcastle
Opposer: Robin Smith - Head of Cyber Security of Yorkshire Police (unable to attend)
Seconder: Peter Dinsdale – experienced Data Protection office, currently working in the Information Security Team at Newcastle University.
Ian Clark opened the proposal of the motion by mentioning CILIP’s 12 ethical principles, focussing in particular on two of these:
Principle No. 3 – “Commitment to the defence, and the advancement, of access to information, ideas and works of the imagination”
Principle No. 8 – “Respect for confidentiality and privacy in dealing with information users”
This implies that people should be able to access information freely without being subjected to mass surveillance. In differentiating between mass surveillance as opposed to targeted surveillance, Ian presented the argument that if ‘you are up to something, they will get you anyway’ whether users’ privacy in libraries is protected or not. He identified a key negative aspect of surveillance in that it is now very difficult for researchers looking into terrorist behaviours to find the information they need to try and understand and analyse these behaviour. Such research cannot be conducted without using terrorist related terms, which immediately attracts surveillance attention and potentially results in the blocking of key sources of information. Privacy concerns were also mentioned with regard to data being vulnerable to hackers and criminals. Ian a survey conducted in 2015 in which 32% of those surveyed said they would pay for better personal data protection, while 72% said they were concerned that their data was not secure enough. Ian noted that post-Snowden there was a 20% reduction in page views relating to terrorism. Ian gave some US examples alternatively of jailing for refusing to testify against Vietnam War activists (Zoya Horn) and also a case of refusal of gagging orders (George Christian). Ian saw the library services as including enabling its users to get online and in a secure way, where users are shown how to protect their data online.
Peter Dinsdale, originally the Seconder for the opposing side, but due to the absence of the Opposer, was given more time to present the opposing side’s argument. He said he didn’t buy into the argument that if you have nothing to hide, you have nothing to fear. He argued that privacy is “not a binary decision”; that it hits all levels of society, and that it was up to society to determine where to draw the line between privacy and security. At the moment, he argued, privacy is an arbitrary word, based on random choice or personal whim. He argued that the motion suggests that only absolute privacy is acceptable and that this is not realistic. Privacy, like freedom of speech, is, according to Peter, a qualified act. Privacy cannot be seen as a primary right – ‘it plays second fiddle to security issues’. Peter outlined the legal developments of rights to privacy and protection as identified in the European Convention on Human Rights, identifying the qualifiers where exemptions are allowed, similarly under data protection law, thus further promoting the argument that you cannot have absolute privacy. He mentioned that even the watchdog, Privacy International, is not trying to promote total privacy. The new Prevent Duty law, qualifiers to Freedom of Speech rights, the Investigative Powers legislation, are all mentioned as showing that privacy cannot be absolute. Even the duty of confidence, it seems, can be overwritten. Peter concluded by stating that the law about qualifiers to privacy rights are not arbitrary and that there is adequate provision to ensure that they laws are not abused and privacy safeguards are enshrined.
Alex Haydock, the Seconder to the debate Proposer also moved quickly into the legal arena, but from the viewpoint of demonstrating the risk of powers which are too wide, relying on internal safeguards, but risking an autocratic and arbitrary approach to the handling of data. He mentioned the Investigative Powers Act of 2016 with its wide-ranging powers for government and NGOs to collect data, even though it claims that only targeted interception is justified. However, telecommunications providers are required to store user data for no longer than 12 months, but it’s still a massive amount of data. Alex identified the range of potential data that could be collected, which could results in leaked data, or misuse of data; book lending history or video rental history and/or internet browser history is already a huge of amount of data that could potentially be vulnerable. Pervasive monitoring and mass surveillance were seen as an attack on rights to privacy. Alex concluded by stating that librarians and libraries should lead the fight; they should stand up and teach individuals how to protect their own privacy.
Questions were then asked of the two sides, from the audience.
The first question was about the concept of libraries being neutral spaces, where people don’t feel afraid that they are being watched in terms of what they take out. Ian Clark, the proposer argued that the library spaces are not free as users’ activities are still monitored. Again the difficulty of being able to safely conduct research on extremism was mentioned.
Algorithms applied to data sets came up next for discussion with the response from the proposer side that ‘data existence is a risk’.
The problem of government surveillance tactics attracted the comment that while there may be trust in government’s handling of our data today but that might not be the case tomorrow.
The next question was about what we should do if we think the surveillance has too far. The first comment was to write to the local MP. Peter Dinsdale talked about lack of engagement and the need to encourage more engagement in the democratic process.
The next question drew quite a seesaw of remarks from both the proposing side and the opposing side. The question was why is the responsibility for handling data the responsibility of the telecommunication service provider and not the government.
The opposition, Peter Dinsdale, argued that this was due to lack of money and that the ‘government doesn’t have the greatest record with IT’ therefore it’s a risk. It was further stated that privacy policies shouldn’t be driven by security and that organisations should simply have better systems of protection in place. Peter also asked the opposing team about the ‘chilling effect’ (where rights such as freedom of speech may be reduced due to fear of negative outcomes from exercising those rights). He also asked the opposing team about how can metadata be safe as it is not encrypted.
Ian Clark, on the proposing side, felt the responsibility in relation to protection shouldn’t be limited to librarians but other services too. He also queried whether the provisions of the Freedom of Information Act were strong or transparent enough or whether it was unfairly maligned. He mentioned that information requested was disposable to the public unless there was a good reason not to do so – although this did not mean that ‘privacy was in the bag’.
In response to Peter’s question about the chilling effect, Alex Haydock on the proposing side, referred back to the point about how it can be difficult to conduct research in certain areas and get good correlations, and that this carries the risk of stifling.
With regard to the question of metadata, this was identified as problematic although it was emphasised that the content of the message itself could not be read and therefore was still protected. Ian Clark stated that libraries are public educators, who can help users understand how to protect their privacy. “Why not teach privacy and safety?”
Then came the summing up by the debaters –
Ian Clark, on the proposing side, brought in figures form a survey in which 43% were opposed to restrictions on encryption while 29% supported theses. Demand from the public to learn more is growing. This is argued as a way to reduce the digital divide and improve inclusion (including showing how to stay safe). With regards to encryption and terrorism, it was noted that in the case of the Brussels and Paris attacks, no encryption was used.
Peter Dinsdale, on the opposing side, believed that the key was digital literacy; also that mass surveillance requires some legislative control and whether this is a good thing at all is a moot point; society decides where to draw that fine line between protecting privacy and ensuring security and safety. He concludes with his theme idea that privacy is a qualified right not an absolute right.
The chair’s summary of the three debating speakers as follows:
Ian Clark brought in the two CILIP ethical principles, gave a brief history of some of the librarians who had been locked up for not giving information. He explained why the issues are important, that there is a difference between mass as opposed to targeted surveillance (the state will get you anyway); that protection of data and privacy is not a new and radical idea; a clear concern about data theft and ignorance about how to protect yourself was identified; that librarians need to tackle users’ lack of confidence in protecting their data and that librarians need to help them learn how to do so.
Peter Dinsdale believed that privacy is not a binary issue, that society has to decide where to draw the line between privacy and security, conventions and laws needs to be considered including the new Prevent Duty, qualifiers to rights of freedom of speech and the circumstances for allowing interceptions of communications; Peter believed that privacy cannot be seen as a primary right.
Alex Haydock, also on the proposing side, believed that in the area of digital and cyber security, librarians should be leading the fight to protect user data. Concern was expressed about government departments not having court authorisation to conduct surveillance. The seconder believed that it is the librarian’s duty to minimise data collection. Internet history has shown that leaked data may provide a misleading picture of someone’s life.
In the audience vote – 8 people were convinced by the proposed motion, while 7 were more convinced by the opposition argument. One of the audience members suggested as there was only one speaker for the opposition as opposed to two for the proposed argument, that it should be treated as a draw.
Related knowledge and skills