Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2018
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Contribution to a Panel Session on Governing Digital Platforms
as part of a Workshop on Digital Rights and Governance in Asia
run by the Digital Rights Program at the University of Sydney
13 April 2018
Roger Clarke, **
© Xamax Consultancy Pty Ltd, 2018
Available under an AEShareNet licence or a Creative Commons licence.
This document is at http://www.rogerclarke.com/II/DRG.html
The accompanying slide-set is at http://www.rogerclarke.com/II/DRG.pdf
Panellists were asked to provide a small number of provocations relevant to the topic of 'Digital Rights Governance, and to do so in a short time. I chose to:
In March-April 2018, a 'media event' occurred, after a whistleblower exposed abuse of a vast trove of personal data. A data analytics company had used the data in (possibly somewhat successful) attempts to sway election results. The company had acquired the data from a person employed as an academic by Cambridge University - but who claimed to have collected it, and then disclosed it, in a commercial capacity. A small amount of the data may have been collected consensually; but the vast majority took advantage of designed-in features of Facebook, whose business model ignores data protection laws and systematically leaks data in order to generate traffic and hence earn advertising revenue. A summary of the events will appear shortly on my page containing 'Vignettes of Corporate Privacy Disasters'.
A variety of people reacted with shock and horror, despite how well-known all of the elements were to anyone who had been paying attention to developments during the last decade. It would be nice to think that the exposure of the multiple layers of abuse of personal data would result in substantial harm to the miscreants. This would desirably involve:
None of the above is going to happen. (One beneficial impact could be that European regulators - who would shortly have begun to feel corporate and governmental pressure not to expand regulation too much or too fast - might find their hand strengthened sufficiently by the affair that they can withstand that pressure).
The reasons that the affair will fizzle out quite quickly, and will have little actual impact, are that many parliaments are weak and compromised, many regulators are under-empowered, under-resourced and even captured, and only the intelligentsia are upset. The public doesn't care much, the media will shortly move on to some other source of excitement, and no snowball will run.
Activists, and researchers who are examining these phenomena from viewpoints other than just that of social media corporations, need to look elsewhere for ways in which governance of corporate behaviour can be achieved.
Weak laws need to be exposed, with concrete examples of the negative impacts of their weakneses. And 'self-regulation', at the levels of individual organisations and industry associations, needs to be documented and evaluated in detail, in order to make the inadequacies quite clear. Only through such evidence will momentum be gained for laws be augmented or replaced.
But technical measures also need to be deployed. The individuals and organisations that agitate for change need protection against powerful adversaries. Secure eWorking environments are in disappointingly short supply because of the failure of privacy-enhancing technologies (PETs) to achieve significant adoption. Even those tools that can provide assistance are used by remarkably few persons-at-risk. As a result, activists for all forms of human rights are seriously exposed to threats from their adversaries.
It is important that activists' data, messages, identities, locations and social networks be obfuscated and falsified, in order to avoid not just monitoring, but even the detection of their attitudes, activities and associates. See my paper on Secure eWorking Environments. Schneier's alternative formulation is that the need is to avoid, distort, block and break surveillance.
Organisations are subject to a great deal of informal regulation by means of Standards. These are in some cases technical in nature, in others describe requirements of particular business processes, and in yet others specify the particular ways in which particular business processes need to function. These Standards are established by business and government, with civil society variously excluded and marginalised. Informal regulation of this kind has benefits for the public, but also harbours considerable threats.
Civil society needs to compete much more effectively with business and government Standards in order to rein in the harmful effects. A key way in which that can be achieved is by negotiating and promulgating Public Standards, which address the multiple interests in a manner that is balanced, but is inclusive of advocates for interests of the public as well as the corporate and governmental participants.
Once those Public Standards are in place, NGOs can use them as the basis for evaluating technologies, applications, practices and laws. The inadequacies of existing Standards can be made to stand out in stark relief, because of their failure to satisfy defined needs. See my paper on 'Civil Society Must Publish Standards Documents'.
Roger Clarke is Principal of Xamax Consultancy Pty Ltd, Canberra. He is also a Visiting Professor in Cyberspace Law & Policy at the University of N.S.W., and a Visiting Professor in the Research School of Computer Science at the Australian National University.
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 13 April 2018 - Last Amended: 13 April 2018 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/II/DRG.html