“It would take a gunshot…”

“… just to clear your head awhile” … goes the excellent but rather acerbic song by the late Kirsty MacColl. That’s how I sometimes feel about our UK policymakers – though I should make clear that I do not say that as a threat, and I in no way condone armed violence or the misuse of firearms. More about UK policymakers in a moment.

But first let’s take a quick detour to the West Midlands, where police, as part of their law enforcement strategy a few years ago decided (probably after a convincing sales pitch demonstrating its deployment in the US) to try out the ShotSpotter ballistic noise triangulation system. There’s a BBC article about the project here: http://www.bbc.co.uk/news/technology-28004190. How did it go?

Not well.

Apparently out of 1618 alerts generated by the system, only 2 were genuine firearm discharges. There were 1616 false positives (a failure rate of 99.876%) – but it gets worse: the system also failed to identify 4 genuine firearm discharges.

The police explain two of those away by pointing out that they were airgun shots – which is a rather “have your cake and eat it” attitude, since any airgun over 12ft/lbs in power is regulated as if it were a firearm.

The vendors explain the poor performance of the system by noting that the West Midlands police’s low budget led them to deploy far fewer sensors than they would have done under ‘normal circumstances’ (my quotes) – normal for a US metropolitan environment, that is. And there’s the first issue. Much as I appreciate the West Midlands police force’s wish to minimise gun crime, the figures for gun ownership, gun use and gun crime in the UK and US are in no sense equivalent. On that basis, the cost/benefit analysis that would justify a full ShotSpotter deployment is never going to translate effortlessly between the two countries… though, of course, there is the argument that any loss of human life to gun crime is worth paying to prevent.

The second issue is one mentioned in the BBC article I linked to, but never addressed. ShotSpotter is an audio recording system, and it’s on 24 hours a day. It records whatever the microphones pick up, including conversations. So, whatever the firearms-related benefit (and, as the pilot showed, those can be questionable), there is a serious privacy and civil liberties cost which is, basically, ignored. If you don’t find that unnerving, consider one of the other changes the company made, apparently as a result of the failed West Midlands pilot: data from the system is now passed to a control centre in the US for analysis. As the article puts it:

“SST staff now monitor all the sensors deployed worldwide through a central base in the US to confirm the cause of each explosion, rather than leaving such a judgement to local law enforcers on the ground”

With what we all now know about US law enforcement/intelligence data mining (especially of data relating to non-US citizens), and our own government’s current efforts to push through “emergency” data retention legislation in a one-day travesty of parliamentary process, that sounds to me like a recipe for disaster.

Regrettably, the political direction of travel, here and in the US, seems clear and uniform: more government collection and retention of data, with the law enforcement benefit (however minor) automatically outweighing the cost in terms of civil liberties and human rights.

Indeed, the current “DRIP” (Data Retention and Investigatory Powers) legislation in the UK seems set to perform a dual purpose for the government: first, it will make it legal for them to carry on doing something which the European Court of Justice has ruled is incompatible with EU (and therefore UK) human rights legislation. That’s worrying.

Second, if the government’s data retention measures are then challenged under the Human Rights Act, it will (in their eyes, if no-one else’s) serve to illustrate why the UK should pull out of the European Convention on Human Rights and give primacy to some watered-down version of their own devising. And if we didn’t like the look of that, presumably they would just push it through in a one-day stitch-up just before parliament breaks for its holidays. That might sound cynical, but that is exactly what is happening with #DRIP, as the heads of all three major parties smile calmly and tell us we should just trust them.

The full verse from Kirsty MacColl:

“It would take a gunshot
Just to clear your head awhile
And after all this time
How can you stand there
Look at me and smile?”

The song is, appropriately enough, entitled “Innocence”.

 

Google, The Guardian and the “right to deletion”

The Guardian newspaper has published a piece about the evolving practice of compliance with the recent EU ruling on de-indexing of search engine results.  For what it’s worth, my personal view is that de-indexing is a minimum requirement. I also strongly support a right to the enforcement of retention periods for personal data – a legal requirement which has been largely ignored to date.

However, I’m delighted to see mainstream media finally mentioning the fact that there is a public interest test to be applied, here. Implementing the EU “RTBF” ruling may not be simple, but failing to acknowledge the public interest test just dumbs down the debate unnecessarily.
 
Above all, good selective de-indexing calls for reasoned ethical judgement, not just legal argument, so (donning my “work” hat for just a second) I think ISOC’s recent work on ethical data handling is timely and of increasing relevance.
 
I can see two areas of complication ahead (well, loads actually, but here are two to be going on with):
 
1 – national differences concerning the identifiability of court proceedings. In the UK, legal cases are referred to in the public record as “Crown vs John Smith” – in other words, the defendant is named in the “title” by which the case is indexed. In France, I’m told, the *public* record of a legal case does not name the defendant; they are named in the court records, but those are not universally available. What constitutes “the public record”, as indexed by the name of the data subject, may therefore differ substantially across jurisdictions.
 
2 – the potential for wilful mis-interpretation of what “public interest” means. In the UK, we often hear our delightful gutter press justifying the publication of a particularly intrusive story by saying “yes, it’s sordid and embarrassingly personal, but it’s in the public interest”… when what they really mean is “the public is pruriently interested in the gory details”, not “publication of this story serves the social interests of the general public”. 
 
To those who complain that selective de-indexing introduces extra cost, I’m afraid my answer is that the extra cost goes with the territory. And that’s not new. For example, in 2010 I heard Google’s then CPO, Alma Whitten, talking about Google’s approach to privacy. She made frequent reference to Google’s mission:
 
“Organizing the world’s information and making it accessible and useful”
 
Here’s what I said at the time:
 

The mission statement of “organising the world’s data…” is a goal which sets Google up to have a lot of stakeholders – and individually or in aggregate, those stakeholders have rights and expectations which deserve to be satisfied. “The world’s data” is not a privacy-neutral concept, and “organising it” is even less privacy-neutral.

The danger of favouring commercial objectives over the other stakeholder rights is that it creates the impression of selling out, rather than shouldering the responsibility of satisfying the non-commercial stakeholders to the appropriate degree. Rudyard Kipling described “Power without responsibility” as “the prerogative of the harlot”. That’s not an alluring brush with which to be tarred…

(This blog, Feb 2010)

 

There’s still a lot of knee-jerk rhetoric on this topic (“RTBF is dumb/prevents freedom of expression” vs “RTBF is a necessary privacy protection in the hyperconnected world”), but I hope this advisory council is a sign of more measured debate taking place.

 
I also don’t think RTBF is necessarily fatally flawed just because Google have succeeded in doing it badly a few times so far, just to make a point. When I was a sulky teenager, I am ashamed to admit, I used to wash dishes offensively badly, in the hope of not being asked to do it the next time. I’m more grown up about it now, and I hope Google’s attitude to compliance is maturing, too.