Friday, December 17, 2010

NHS Internet Privacy

I wrote to my MP, Nicola Blackwood, several weeks ago asking her to sign the early day motion on NHS internet privacy first signed by Tom Watson MP:
That this House notes with serious concern that the pages of the NHS Choices website allows third-party advertising and tracking companies, including Google and Facebook, to track people's internet browsing habits; believes that it is inappropriate for advertising and social networking companies to observe what an individual is viewing on a Government website that deals with sensitive medical information; further notes that the sharing of personal data of its users with companies outside the European Economic Area and with for-profit advertising companies may render the NHS in breach of its data protection obligations to the Information Commissioner's Office; and calls on the Department of Health to review its policy to ensure the privacy of all users of its websites is protected.
I've had the following reply from her this afternoon.
Dear Mr Corrigan,

Thank you for contacting me about the issue of data protection on the NHS Choices website and I apologise for the delay in my reply.

I can understand your concerns, but it is worth noting that the use of Facebook functionality on NHS Choices was initiated under the previous administration.

The issue of Facebook capturing data is not restricted to just NHS Choices. Data transfer happens across the whole range of sites and applications on the internet, and is a result of how users’ internet browsers are set up and how people log out and close down sites.

The Government informs me that NHS Choices has strict privacy policies which are in line with the Data Protection Act. As well, Facebook capturing data from sites like NHS Choices is a result of Facebook’s own system. When users sign up to Facebook they agree Facebook can gather information on their web use from their computer. NHS Choices privacy policy, which is on the homepage of the site, makes this clear.

The Government has asked the NHS Choices service to increase the prominence of information informing users of the potential for information about their activity being captured by services like Facebook, including what actions they can take to restrict this.

I hope you find this information helpful and thank you again for taking the time to contact me.

Kind regards,

Nicola Blackwood MP
So the party line seems to be:
  • It is not this government's fault it's the previous lot
  • People leak personal data all over the internet
  • NHS Choices has a privacy policy, that the government believes is in line with the Data Protection Act; 
  • Facebook is a personal data harvester
  • The government will ask NHS Choices to warn people they leak personal data on the Net
I tried to be polite in responding.

Dear Ms Blackwood,

Thanks for your response.

Yes it was the previous government that this started under.

Yes people leak an inordinate amount of personal data on the internet.

Yes Facebook harvest personal data.

The NHS Choices privacy policy may or may not be in compliance with the Data Protection Act but that is largely immaterial if the operation of the site breaches the Act.

NHS Choices warning people they leak personal data on the internet is not going to solve the fundamental problem.

The site is built and operated in such a way as to facilitate the routine harvesting by third parties of the personal details of people seeking advice from a government website, often about intimate medical matters.

The social media, third party tracking features were no doubt innocently included originally to drive traffic to the site.  They are just not appropriate in the case of this kind of site. The government or the NHS should not being routinely sharing people's specific desire for information about particular medical matters with third parties, without consent.

I have little doubt that personal data pollution is going to be the environmental disaster of the information age but the sooner we start to tackle it the better chance we have of getting it under control.  In the case of NHS Choices the question of whether the site should be fixed to limit data sharing is not even a hard one.  That the government should prevaricate in this way when you ask for advice on how to respond on this matter leaves me seriously concerned that when it comes to dealing with the serious problems in this area, they will be found sadly wanting.

I understand, as a new MP, you have a lot of things to get to grips with and apparently obscure technical policy won't necessarily be top of your list of priorities; but I hope you're managing to settle into your new role now and beginning to get things under control in a way which will enable you to take an active interest in such matters as the parliament progresses.

Kind regards,


Temple Grandin and visual thinking: the world needs all kinds of minds

The OU is currently doing a research/scholarship internal audit to get a picture of the University's measurable outputs, leading me to ponder Martin Weller's and Jim Groom's notion of the perpetuation of the zombie scholar.
"Scholars engage in a number of different activities, which operate within specific cultures. These cultures are defined in part by technology and reward and recognition frameworks. In this paper we look at the functions of the scholar, particularly focusing on research. The uptake of new technologies in research and associated practices can be seen as a barometer for innovation within higher education.
We argue that the context within which academics operate is akin to the spread of the zombie virus, with new entrants rendered zombies by the constraints of the environment. We suggest one possible antidote to this zombification of higher education is the use of new technologies and particularly the cultural norms they embody."
Modern scholars have to churn out conventional papers through conventional peer reviewed journals and tick the appropriate boxes on conventional metrics to have a legitimate career.  The sheer enormity of the grunt work involved in doing this leaves no room for innovating, exploring new technologies, thinking.  Standardisation and zombification, accepting absorption into the academic Borg is the rational means of survival.

If the university sector is bad in this respect (though Martin and Jim propose a partial solution through the - surprise, surprise - engagement with new technologies) then schools appear to be worse, with their league tables and targets and box ticking and fear of not fulfilling all their administrative duties to keep their political masters and the inspectors on side.  This kind of zombiefication is not limited to the education system - see Martin's recent pop at the media for example or Dan Gillmor's excellent new book on the same - but it's the education system I want to stick with here and in particular Temple Grandin's recent TED talk The World Needs All Kinds of Minds.

Grandin does a lot of travelling and meets a lot of bright geeky/nerdy kids that teachers - often dedicated professionals - have no idea what to do with.  She's passionate about changing the world through enabling people to realise their potential, regardless of the different learning and thinking modes that might be most natural to them.  She herself was not interested in 'learning' until an enthusiastic, unconventional science teacher, previously a NASA scientist, got her engaged in science through tapping into her innate visual thinking talents.

Grandin herself is autistic which partly manifests itself in an exceptional ability to think in pictures and patterns.  What's interesting in the educational technology context is that she repeatedly uses the Google images analogy to describe how her brain works but also that she naturally uses web tools like YouTube as part of her work.  She talks about the autistic/geeky/nerdy mind tending to be fixated on certain things.  With kids that can be lego, cars, insects, computers, the weather or a host of other things.  That fixation, she argues, is the handle that schools can use to engage those kids - use it as a basis to teach maths or science or a whole range of other things.  The important thing is to light the spark of learning and in one sense it doesn't matter what you teach them.  It has to be said that it is not just autistic kids that this applies to.  There has been political hand wringing about the lack of interest teenage boys or [insert your own favorite demographic group here]  have had in learning/schooling for as long as I can remember.

Yet the entire system is designed for standardisation and churning out the perfect job trained zombies. It's a great system for bureaucrats to work in but not for kids with different kinds of learning styles, thinkings skills or interests.  Grandin is passionate about the need to work with and nurture different kinds of minds - silicon valley is chock full of autistic talent for example - if we are to tackle the serious challenges facing the world today; whether that's climate change, global warming or the energy crisis for example.  If Einstein, Mozart, Turin, Da Vinci or Gutenberg had been around today they would likely have been diagnosed as autistic.

When Grandin was at school she had a mental block against algebra - the autistic mind fixates on certain things and blocks others and she just couldn't do it.  As a result she was banned from taking geometry and trigonometry.  Think about that - an exceptional visual and pattern thinker banned from practicing those natural skills on subject matter at which they would have enabled her to excel.  How many kids are locked away from activities which could create that learning spark due to deliberate bureaucracy, baffled overworked teachers who don't know what to do with certain children, the national curriculum, the lack of time and space to do anything that doesn't contribute to pursuing targets - systemic, introspective, bureaucratic, neglect?

Depressing really but as Samuel Langhorne Clemens, aka Mark Twain, once said, you should never let your schooling interfere with your education. I wonder if there is anything in Martin's and Jim's partial cure through technology that could work in the school context? I suspect so though have my doubts that the UK schooling systems as currently constituted could facilitate it.  Grandin's right that if we want to change the world for the better and address the really big issues like the energy crisis then we need to be lighting the spark in the varied minds of coming generations. As she once wrote:

"If by some magic autism had been eradicated from the face of the earth then men would still be socialising in front of a wood fire at the entrance to a cave"
On a final note it was interesting to hear her talk about her passion for server farms because they 'contain knowledge, they contain libraries'.  Another advocate for open access.

Wednesday, December 15, 2010

SCRIPTed including review of Marsden's Net Neutrality book

The latest issue of the excellent SCRIPTed journal of law, technology and society is now available, including my review of Chris Marsden's book, Net Neutrality: Towards a co-regulatory solution.(copy below). I particularly recomend the refereed articles Human Genetic Manipulation and the Right to Identity: The Contradictions of Human Rights Law in Regulating the Human Genome by Norberto Nuno Gomes de Andrade, pp.429-452; Human Gene Patents and Genetic Testing in Europe: A Reappraisal by Naomi Hawkins, pp.453-473 and El derecho de desistimiento en el ámbito de la contratación electrónica realizada en España (The right of withdrawal in the field of Spanish electronic procurement) by  David López Jiménez, Fernando Barrio, pp.497-514.

Review of Net Neutrality: towards a co-regulatory solution.
Net neutrality, explains Christopher T. Marsden on the second page of this book,
is about the rules of the road for Internet users, and about the relationship between the owners of those roads and the users. Government is asked to make a decision as to which users have priority and whether road charging should be introduced, ostensibly to build wider and faster roads in future.
On 20 October 1999, the IDT Corporation, then a big a New Jersey based Internet service provider, blocked all email from the UK because some of its customers had received a large number of offensive unsolicited emails.  These appeared to come from a UK address, but the spammer had actually exploited a security hole in a UK university system, making it appear as if the bulk emails were originating there.  Just before Christmas 2004, Verizon reportedly[1] blacklisted and blocked email coming from IP addresses allocated to a collection of UK and European ISPs. IDT did not, allegedly, contact the University (of Leeds) before the action was taken.  The blocking continued for several weeks. The response – to cut off a whole country - was a bit drastic, even if the emails had come from the UK. Given congestion on the network, traffic management is standard practice for ISPs everywhere, though there is a dearth of independent empirical research as to the extent, the precise pattern or the nature of such activity. We simply have no idea whether countrywide lockdowns or similar widespread filtering are commonplace or rare.
I mention the IDT story in particular because it was in 1999 that Chris Marsden began his residential fellowship at Harvard Kennedy School, where the seed that was to grow into his excellent book, ‘Net Neutrality: towards a co-regulatory solution’, was planted.  It was the beginning of 10 years of globe trotting research and engagement with a who’s who of the smartest minds in the business: legal and technical scholars, practitioners and cross disciplinary polymaths who helped to shape the author’s ideas on this complex but hugely important subject.
The first and most important thing to say about this book is that it should be compulsory reading for policymakers everywhere. It manages to serve the dual purpose of being a primer on the subject for the general reader while also being an essential handbook for the specialist and the policymaker.  Dr Marsden gets to the heart of the key issues of net neutrality:

  • Network economics
  • Vertical integration and oligopolistic market evolution and concentration
  • Traffic management and quality of service
  • Civil rights – speech and privacy
  • Conflicting needs of the large spectrum of Net users
  • Regulators’ limitations
  • Intermediary liability
  • Commercial and political forces driving the internet towards a future of control
  • European law
  • The absence of individual Net user influence on policymakers
  • Co regulatory policy proposals
And indeed many more.  It is probably the single most comprehensive analysis of net neutrality you will find between the covers of a single volume.
If I had one generic criticism of the book it is that the author does not provide enough detail in relation to the engineering and technology of networks.  I think there is real value in regulators and policymakers understanding the difference between circuit and packet switching, for example, and this could avoid a lot of confusion. But I would say that, because I am an engineer.  In conversation with the author, he pointed out to me that the literature on technology and engineering in this area is already rich, which is true, but it is unlikely to be perused by many non technical policymakers.  That is, however, a minor criticism.  Dr Marsden had no choice but to leave out vast swathes of material that he would no doubt have liked to have included – that is the nature of a monograph.
Tom Standage, digital editor at The Economist magazine, recently criticised the concept of net neutrality as being ‘silly’[2] and too vague – if you get three geeks in a room you will get four different definitions of the concept (which is probably true!) – and that thing that gets invoked by anyone complaining about something they dislike about the Internet. Geeks and consumer advocates have been arguing that the law should guarantee net neutrality, thereby disabling network operators’ power to engage in discriminatory practices. Mr Standage is concerned that attempts to write net neutrality into law on both sides of the Atlantic will just end up making matters worse.  The Internet is not neutral now, and there are lots of things that we do not want to be neutral. For example, it is desirable that spam is blocked, or gamers might want superfast low latency broadband services that they would be prepared to pay extra for.  The danger of saying that things must stay as they are is that you fossilise the Internet in its current state. A simplistic net neutrality law might just do that, making illegal a lot of useful things that are presently being done. So the best legislation in relation to net neutrality is none.
I share the concerns of the author about the complexity and the dangers of getting it wrong. On the other hand, the vagueness and complexity of the concept and its multiple advocates is not necessarily a bad thing.  Just as James Boyle has invoked the environment and environmentalism in his call to protect the public domain, perhaps net neutrality can serve a similar function in relation to the open Internet.  After all, ‘environment’ is quite a vague term with many meanings, but it is also an articulation of a shared interest that brings that interest into being.[3] The hunter and the animal rights activist may dislike each other intensely, but they have a shared interest in protecting the ecology and habitat of the animals they are interested in.
In any case, you will not find any over-simplified, table-thumping advocacy in Chris Marsden’s book - of either the ‘cure it with net neutrality’ or ‘cure it with market forces’ variety.  This is despite the fact that the introductory chapter begins with a quote from Barack Obama that concludes: “We can’t have a situation in which the corporate duopoly dictates the future of the Internet and that’s why I’m supporting what is called net neutrality.”  Dr Marsden, on the contrary, provides a comprehensive and pragmatic analysis of the state of net neutrality and its regulation and expects both free market fundamentalists and net neutrality purists to disagree with his suggested co-regulatory way forward. 
You get an idea of the scope of the book through the Introduction, which provides a whistle-stop tour of: net neutrality, network economics, European digital television regulation, interoperability, Microsoft litigation, Napster, Skype, mergers and acquisitions, EU telecoms liberalisation (and the variability in the effectiveness of national regulatory authorities in ensuring local loop competition), GERT (Group of European Regulators in Telecoms),[4] the 2001-2002 unravelling of the universal service commitment in the US, Machiavellian incumbent power games, the need to recognise broadband infrastructure as public works, the ruthless competition and government direction in Korea, the end to end principle, transparency failures, absence of empirical research, quality of service guarantees, 3G in Japan, traffic management, deep packet inspection, and the inevitability of discrimination where architecture permits it. 
All that and more – including a passionate assertion (with which I wholeheartedly agree[5]) that the creation, operation and monitoring of open Internet policy is too important to be left to the experts, since it is about fundamental human rights and consumer welfare, necessitating a balanced approach to net neutrality – in an introduction, before he even outlines the structure of the book, leaves you in little doubt that although it is written in an accessible style, this is a tome that will require the full concentration of the reader.  It is clear that net neutrality resides firmly in the realm of what Russel L Ackoff would have described as a ‘mess’, a collection of complex problems interacting with other complex problems and therefore part of a set of interrelated problems, or a system of problems.[6]
It is important to point out that Dr Marsden distinguishes two separate non- discrimination commitments in net neutrality, something which itself would likely illicit gnashing of purists’ teeth.  What he calls ‘net neutrality lite’ and something that ultimately forms a central plank of his co-regulatory way forward, relates to ensuring that ISPs are not allowed to engage in opaque and discriminatory traffic management to the detriment of Internet users of any class.  ‘Positive net neutrality’ on the other hand is about ensuring a balance whereby investment in future broadband infrastructure is not discouraged. Network owners would be allowed to offer access to better services – the fast lane – for higher prices, as long as those services are offered on fair, reasonable and non-discriminatory (FRAND) terms to everyone. FRAND theoretically checks the inclination of service providers, content owners and vertically integrated behemoths of both to engage in exclusive deals, disadvantaging ordinary Internet users and commercial entities not party to those deals. It is an explicit recognition of the notion that genuine competition cannot exist in an unequal world.  Much of the first three chapters of the book are given over to exploring these issues in depth. 
The first three chapters and the regulatory soup of European law in Chapter 5 may well prove to be the most challenging for the general reader.  My advice would be to stick with it, however, without worrying too much about following all the twists and turns of detailed economic and legal analysis.  Persistence will pay off.  If a general reader was to come away from the book with a simple realisation that much of what passes for public debate on net neutrality is what Dr Marsden describes as a “dialogue of the deaf” – net neutrality absolutists versus net neutrality refuseniks – then the reading time invested will have been worthwhile.  Traffic management on congested networks is a fact of life and to suggest otherwise, as net neutrality purists do, is to invite easy criticism.  Yet the promise of better quality of service ‘next year’, by those claiming that competition will cure network service problems, predates by about a decade the awakening of the public consciousness to the wiles of the Internet. Said promise is thus wearing a bit thin, and until we break the Gordian knot on large scale investment - from the public and private sectors – in universal super fast broadband infrastructure, congestion problems are going to be increasingly present.
Chapters 4, 5 and (to some degree) 6 tackle the primary concerns of digital rights activists relating to freedom of speech, personal privacy, creativity (e.g. remixing) and innovation. These in turn are intimately entangled in questions about intermediary liability and notice and takedown regimes, with particular concerns about architectural and legal control eroding the current legitimate ability of ISPs to avoid responsibility for user-generated content or traffic on their networks.  When the ability to discriminate, control, block and invade privacy (through DPI or disclosing personal details to content owners on request) is built into the network, then all those facilities will be activated, regardless of any formal rules or procedures in place to prevent such discrimination or the undermining of personal freedoms.  If the power to lay down the rules for such activities is to be devolved to senior government ministers and national regulatory authorities (NRAs) such as Ofcom, as it is, for example, in the UK Digital Economy Act 2010, it is important that they understand the complexity of the measurement of actual ISP operations and net user harm.  The temptation, therefore, would be for an independent auditor (the NRA?) to choose metrics which are easy to measure rather than those that provide truly informative indicators of sector practice. Dr Marsden pulls no punches in relation to the variable performance and failings of NRAs in this regard, despite his inclination to settle on a co-regulatory approach, the option which he begins to outline in chapter 6.

Chapter 7 deals with the unique issues of the mobile Internet, and Chapter 8 concludes with what the author admits is an imperfect, best effort compromise, based on his net neutrality lite idea that ISPs should not be allowed to engage in opaque and discriminatory traffic management, to the detriment of Internet users. Net neutrality lite would be policed by some combination of agreed industry codes and NRA monitoring and enforcement. He sums up:
Co-regulation is a prevalent but awkward compromise between state and private regulation, with constitutionally uncertain protection for end-users and a worryingly large latitude for private censorship, which has been increasing throughout the last decade…Any solution needs to be holistic, considering ISPs’ roles in the round, including their legal liabilities for content filtering…This is a policy area with no right answers that offer perfect solutions…I am happier limiting my solution to emphasize the complexity of the problem than trying to claim a one-size-fits-all solution.  Net neutrality is an issue with potentially profound consequences, and cannot be entirely left to market actors, however neutral or benign their motives.
Internet services now form an integral part of the way that many people access education, employment, government and commercial services and a world of entertainment, in addition to a personal printing press, and electronic tools facilitating creativity and communications that most of us would not have dreamed of 25 years ago. 
Cyber law and technology geeks understand that the Internet grew almost by accident, due to the fortunate coming together of a number of related things:
1.      general purpose computers - which can be programmed to do anything and are not controlled (post sale) by the vendor/manufacturer;
2.      the open network - which was open to everyone, and not just trusted sources like the existing conventional media giants; and
3.      telecoms liberalisation - a regulatory regime which meant that it could grow on the back of the telephone network, and before governments or telcos really noticed. 
All of this - the general purpose computers, the open network and the lack of control - led to an explosion of commercial, social and cultural creativity.  Enterprises like Amazon, the World Wide Web itself, Wikipedia, Google, Facebook etc. grew.  And because of the absence of concentrated control of the platforms or network none of the instigators of these entities had to ask anyone for permission. No permission was required.
Now, however, governments and commerce (including network operators) are very much aware of power of the Net and energetically attempting to assert control over it.  These combined forces are leading to a closing down of the Net and an evolution towards a future of fragmentation (walled gardens and national firewalls) and control.  That in turn kills the facility for innovation and creativity and leads to a creeping erosion of personal liberty.
So when Chris Marsden writes about a co-regulatory solution to net neutrality, he is not just dealing with some obscure, abstract technical concept, of interest only to technical specialists and policy wonks.  In ‘Net Neutrality: towards a co-regulatory solution’ he makes a hugely important contribution (though he himself admits it is an “awkward compromise”) to improving the regulation of the default electronic constitutional architecture which will shape the future of our information society. The author is also to be commended for negotiating with Bloomsbury to make the work available under the Creative Commons Attribution Non-Commercial Licence.

Ray Corrigan,
Senior Lecturer in Technology, Open University.[7]

DOI: 10.2966/scrip.070310.578

 © Ray Corrigan 2010. This work is licensed under a Creative Commons Licence. Please click on the link to read the terms and conditions.

[1] J Gartner, “Verizon's E-Mail Embargo Enrages”, 1 October 2005, available at

[2] BBC Radio 4, ‘Click On’, Monday 18 October 2010.
[3] J Boyle, “The Second Enclosure Movement and the Construction of the Public Domain (2003) 66:33 Law and Contemporary Problems, 33 -74.
[4] Note that between the editing and publication of the book the Group of European Regulators in Telecoms (GERT) was renamed the Body of European Regulators for Electronic Communications (BEREC).
[5] R Corrigan, Digital Decision Making: Back to the Future (London: Springer-Verlag, 2007), at chapters 9 and 10.
[6] RL Ackoff, Redesigning the Future: Systems Approach to Societal Problems (New York: John Wiley & Sons Inc, 1974).
[7] Full disclosure: I was an external examiner on Dr Marsden’s PhD awarded by Essex University for his work on this book.

Sunday, December 12, 2010

Police threaten 12 year old over Facebook group

I hadn't seen this story until this morning, about a police officer questioning a 12 year old in a reportedly intimidating manner at school. What prompted Thames Valley Police to summon the lad, Nicky Wishart, from lessons and question him in front of his head of year without the knowledge of his parents?  Apparently he and his friends have been raising money cleaning cars etc. in an attempt to keep his local youth club open.  As part of this effort he set up a Facebook group calling for picket of David Cameron's constituency office to draw attention to the closure, (apparently due to happen early next year because of budget cuts).  Reportedly 130 people joined the facebook group.

Whichever senior police officer ordered/approved this action should be ashamed of themselves. Regardless of how sensitive (and many schools/community liaison officers are excellent at their job) or alledgedly intimidating the officer questioning young master Wishart was, being pulled out of lessons to be questioned by the police is likely to be a scary experience for any ordinary 12 year old. Have we really got to the position where "school boy" + "protest" = "terror alert"?  If so the surveillance state apparatus constructed by Nu Labour is more out of control than David Cameron feared when promising, prior to and immediately after being elected and as a central plank of the coalition agreement, that they would dismantle its worst excesses.  Mr Cameron, a 12 year old boy, in your own constituency, who would like you to know his youth club is being shut down, has been warned off by the police.  I suspect and hope you have the decency to do something about it.

Whatever we might think about the Net speech v establishment nature of the ongoing Wikileaks story, we have pretty serious problems in our own back yard on this front when 12 year olds become suspected terrorists through trying to keep community services going.

Update: Check out this more detailed analysis at lateforlawschool.