Now with PRISM shared CC by -Curly-
The scope of revelations concerning online spying by government agencies grows with every passing day. Whether or not these allegations come as a surprise to you, it’s clear these practices raise some very complex and troubling questions concerning the state of human rights, of our democracies, of the internet itself. I’m still wading through the thickets of claims and obfuscations to get a sense of what is actually going on, so I will leave those questions aside for now. My present interest is far more narrow, and personal.
In British Columbia, public educational institutions operate under the Freedom of Information and Protection of Privacy Act (“FIPPA”). This legislation has been a source of vexation in the province, with some educational decision makers deciding to interpret the act as forbidding the use of externally-hosted services for teaching and learning. That stance has caused frustration for educators here, especially since a BCcampus forum and study suggested a far more nuanced interpretation was tenable. But for the most part, the legislation is frequently invoked to close off alternatives to existing campus-hosted services such as the LMS, a catch-all objection telling educators they can’t have students author on Wikipedia, or wordpress.com, use Flickr, etc…
So, knowing what we know about the scope of government surveillance, and it is clear that Canada’s authorities are fully engaged, what does that mean to the real authority of provincial privacy legislation? I see two ways of responding.
One, we could see this news as validation of the intent and the effects of the legislation. If we believe this, we would probably need to double down on our ongoing FIPPA enforcement at schools and campuses, to the extent of performing extensive security audits and searches on the machines of faculty, staff and students to ensure compliance. We would have to sacrifice privacy in order to preserve it. Of course, this approach presumes that educators and students can exist in an online vacuum, that their web searches and communications would only be performed within the self-sustaining and warm embrace of the Canadian public educational web. No emails sent to people with Gmail accounts. No visits to sites that use Google Analytics to track visits (such as http://tru.ca and http://ubc.ca). Given that most Canadian internet traffic routs through the States, probably best to forbid web surfing altogether. I suppose there are more constructive alternatives… we might convene an emergency task force led by the likes of Julian Assange and Richard Stallman, mandate the use of Tor, encrypted proxy servers, pseudonyms, etc…
As my characterization of legitimate compliance suggests, a more reasonable interpretation of recent events is that they make a mockery of our provincial legislation. It is a form of security theatre, and if all this legislation did was give the appearance of reassuring action, it might even be defensible as such. But it also places real burdens and costs on public institutions. And because private entities are not subject to this law, it perpetuates an “agile” for-profit sector that is superior to the “inefficient and bureaucratic” public sector.
I’m not at all satisfied with this post. I probably should delete it. But maybe the manifest shortcomings of this ramble illustrate the futility of narrow and self-interested decision-making concerning technology in higher education. If there was ever any doubt, what we’ve learned about PRISM and the extents to which western governments will go to squash more revelations makes it clear that we cannot count on existing governance to preserve free expression and basic human rights. Silicon Valley will do nothing to save us. University mission statements and commencement addresses love to invoke our timeless commitment to being “stewards of knowledge” and to “protecting free inquiry”. Are those empty words? What are we prepared to do if they are not?