InPhormed consent
This week's announcement that the UK is to begin hooking up its network of CCTV cameras to automatic number plate recognition software is a perfect example of a lot of things. Function creep, which privacy advocates always talk about: CCTV was sold to the public on the basis that it would make local streets safer; ANPR was sold to the public on the basis that it would decrease London's traffic congestion. You can question either or both of those propositions, but nowhere in them was the suggestion that marrying the two technologies together would give the police a network enabling them to track people's movements around the country. In fact, as I understand it, there will probably be two such networks, one for police and the other for enabling road pricing.
It's also a perfect example of why with today's developing technology it's nearly impossible for people to give informed consent. Do I want to post personal photographs where only my friends and family can see them? Sure. Do I want those photos to persist online even after I think I've deleted them and be viewable by outsiders via content delivery networks and other caches? No, or not necessarily.
And it's a perfect example of why opt-in is an important principle. Will I trade access to slightly better treatment and the occasional free ticket for my travel data (in the form of frequent flyer programs)? Apparently so. Does that mean that every casual flyer should perforce be signed up with a frequent flyer number and told to opt out if they don't want their data sold for marketing purposes? Obviously not.
Developing technologies are an area where experts have trouble predicting the outcome. Most people will not or cannot find the time to try to understand the implications, even if those were available. How is anyone supposed to give intelligent and informed consent? Making a system opt-in means that only those who have taken at least some trouble make the trade-offs. With CCTV and ANPR, most of us have little choice: we may vote for or against politicians based on their policies, but we don't have a fine-grained way of voting for this policy and against that one.
Even if we did, however, we'd still have the problem that technology is developing faster than anyone can say "small-scale pilot". This is why it's difficult for anyone to give intelligent and informed consent when a new idea like Phorm comes along to argue that their service is so wonderful and compelling that everyone should be automatically joined to it and those few who are too short-sighted to see the benefits should opt out.
When Phorm first came along and everyone got very hysterical very fast, I took a more cautious, hang-on-let's-see-what-this-is-about view that was criticized by some expert friends and called "a breath of sanity" by one of the Phorm folks I met. Richard Clayton did a careful technical analysis (PDF). Then it emerged that BT had been conducting trials of Phorm's packet inspection technology without getting the consent of its customers. (What do we pay for, eh?). This was clearly arrogant and wrong, a stand with which the EU concurs in the form of a lawsuit despite the Home Office's expressed belief last year that Phorm operates within UK law.
For a lot of us, if we don't quite understand the technology, can't guess the implications, and aren't sure of the implications, we play the man instead of the ball. Who are the people who want us to use this stuff? And do they behave honourably? The BT trial is a clear "no" answer to the last. As for the former, that's where the Stop Phoul Play Web site is so helpful in characterizing its opponents as privacy pirates. I am not listed, but I note that many of those who are serve with me on the Open Rights Group advisory council and/or on that of the Foundation for Information Policy Research, an organization whose aims I also support. But the whole Stop Phorm Web site is written in precisely the tone of the fake news pieces that appear in C. S. Lewis's novel That Hideous Strength, deliberately written as outright lies and propaganda by a weak character under the influence of the novel's forces of evil.
If Phorm had sat down to calculate carefully what its best strategy would be for alienating as many people as possible, it would have created exactly this Web site. I might disagree with but respect an organization that set out its claims and reasoning for public debate. An organization that thinks claiming it's being smeared while smearing its opponents (calling The Register a "media mouthpiece" is particularly hilarious) is either stupid or dishonest, and in neither case can we trust its claims about what its technology does and does not do.
Though we can wonder: did the Home Office support Phorm's proposals because they thought that having a third party build a deep packet inspection system might be something they could use later at low cost? I'm not normally paranoid, but...
Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at the other blog, follow on Twitter, or send email to netwars@skeptic.demon.co.uk (but please turn off HTML).