Narrow-minded questions concerning online privacy…

Now with PRISM

Now with PRISM shared CC by -Curly-

The scope of revelations concerning online spying by government agencies grows with every passing day. Whether or not these allegations come as a surprise to you, it’s clear these practices raise some very complex and troubling questions concerning the state of human rights, of our democracies, of the internet itself. I’m still wading through the thickets of claims and obfuscations to get a sense of what is actually going on, so I will leave those questions aside for now. My present interest is far more narrow, and personal.

In British Columbia, public educational institutions operate under the Freedom of Information and Protection of Privacy Act (“FIPPA”). This legislation has been a source of vexation in the province, with some educational decision makers deciding to interpret the act as forbidding the use of externally-hosted services for teaching and learning. That stance has caused frustration for educators here, especially since a BCcampus forum and study suggested a far more nuanced interpretation was tenable. But for the most part, the legislation is frequently invoked to close off alternatives to existing campus-hosted services such as the LMS, a catch-all objection telling educators they can’t have students author on Wikipedia, or wordpress.com, use Flickr, etc…

So, knowing what we know about the scope of government surveillance, and it is clear that Canada’s authorities are fully engaged, what does that mean to the real authority of provincial privacy legislation? I see two ways of responding.

One, we could see this news as validation of the intent and the effects of the legislation. If we believe this, we would probably need to double down on our ongoing FIPPA enforcement at schools and campuses, to the extent of performing extensive security audits and searches on the machines of faculty, staff and students to ensure compliance. We would have to sacrifice privacy in order to preserve it. Of course, this approach presumes that educators and students can exist in an online vacuum, that their web searches and communications would only be performed within the self-sustaining and warm embrace of the Canadian public educational web. No emails sent to people with Gmail accounts. No visits to sites that use Google Analytics to track visits (such as http://tru.ca and http://ubc.ca). Given that most Canadian internet traffic routs through the States, probably best to forbid web surfing altogether. I suppose there are more constructive alternatives… we might convene an emergency task force led by the likes of Julian Assange and Richard Stallman, mandate the use of Tor, encrypted proxy servers, pseudonyms, etc…

As my characterization of legitimate compliance suggests, a more reasonable interpretation of recent events is that they make a mockery of our provincial legislation. It is a form of security theatre, and if all this legislation did was give the appearance of reassuring action, it might even be defensible as such. But it also places real burdens and costs on public institutions. And because private entities are not subject to this law, it perpetuates an “agile” for-profit sector that is superior to the “inefficient and bureaucratic” public sector.

technototalitarianjritch

I’m not at all satisfied with this post. I probably should delete it. But maybe the manifest shortcomings of this ramble illustrate the futility of narrow and self-interested decision-making concerning technology in higher education. If there was ever any doubt, what we’ve learned about PRISM and the extents to which western governments will go to squash more revelations makes it clear that we cannot count on existing governance to preserve free expression and basic human rights. Silicon Valley will do nothing to save us. University mission statements and commencement addresses love to invoke our timeless commitment to being “stewards of knowledge” and to “protecting free inquiry”. Are those empty words? What are we prepared to do if they are not?

12 thoughts on “Narrow-minded questions concerning online privacy…

  1. “Security theatre” is my big take-away from this blog post, because it captures the frustration that many of us feel. While we are committed to doing the best we can to insure privacy for our students and colleagues, we’re being screwed over by the government security agencies that intrude on that privacy, aided by tech industry leaders who actually control the Internet and bait us with “free” services.

    I recall when Cisco and Google were facing hostile congressional leaders for their actions in China. Now strangely silence when it happens on the homeland turf.

  2. @David – The interplay between government security agencies and the tech industry is one of the most troubling (and in my opinion most disingenuous) elements of this saga. Though as you note after what we saw in China we should not be in the least surprised.

  3. I too am at a loss as to how to respond to this issue. On one level, we always suspected. But being presented with the facts makes it a different matter.

    Also, learner analytics ain’t funny any more.

  4. At the risk of pissing in the wind, which seems the likely outcome of any response in the face of the increasingly Orwellian reality we inhabit, there are some things higher ed could start doing, though the likelihood of doing them seems slight.

    On the modest end, trying to create large scale (provincial? national?) Platform or Software as a Service infrastructure that is publicly owned & open could be a step in the right direction, feasible, and is already on the radar of many public networking bodies. As are online identity services that could wrest this important piece away from the control of corporate entities.

    On the far more radical end, public institutions with a commitment to free and unmonitored speech could be running TOR exit nodes, seedboxes for torrents (I’ll leave it to others to police their contents, but even fighting for the right of a protocol not to be banned outright would be a huge step), offering anonymous network access…

    The number of potential actions is huge. While the scale of the surveillance state is daunting, the technical solutions to countering it exist and are growing. It’s not a lack of technology that’s the issue, it’s a willingness and ability to politically fight this. And who can blame institutions for this? While the latest revelations have made it clear how enormous the security apparatus has become, it was 40-50 years in the making, 40-50 years which coincided with the steady erosion both of the will and the ability of institutions to fight for their “timeless commitment.” Add to this an electorate that not only seems unperturbed by the latest round of “revelations” (the scare quotes because they were so only to anyone completely asleep at the wheel for the last decade) but increasingly only supportive of public institutions to the extent they “create jobs” and reduce taxes, and well, here we go.

    I DO think there are ways to sell some of the above not simply from the perspective of privacy but from the perspectives of “resilience,” “competitive advantage,” “sustainability” and the like, though I scare quote all of these not only because once they’re in the hands of public entities, they intent behind them always seems to get watered down, but because at the end of the day, there IS a conflict here (many actually) that will simply not go away by solutioneering under whatever name. And I’m frankly fed up of avoiding it – we did not get 5 day work weeks, paid holidays and health care rights by avoiding conflict.

    Apologies for the rant. You know what an (conflagration of) issue(s) this is for me, and while I’m glad that people may be starting to wake up to it, I do worry that it is much, much too late.

  5. Thanks Brian as always I appreciate your critique. Some of what you said here about privacy could be said about copyright: In so far as it is the risk averse, and penny pinching institutional culture that leads us down this path. The key for me is this: . “But it also places real burdens and costs on public institutions. And because private entities are not subject to this law, it perpetuates an “agile” for-profit sector that is superior to the “inefficient and bureaucratic” public sector.” This is the myth of technological solutionism it seems to me. The cost of “free” is our privacy. I am gald we can name it and see it for what “it” is I fear not enough people are prepared to do some of the very heavy lifting to change the institutional cultures in which we are all enmeshed (whether we are inside or outside).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.