Sue Halpern June 8, 2017
Prototype Politics: Technology-Intensive Campaigning and the Data of Democracy by Daniel Kreiss Oxford University Press, 291 pp., $99.00; $27.95 (paper)
Hacking the Electorate: How Campaigns Perceive Voters by Eitan D. Hersch Cambridge University Press, 261 pp., $80.00; $30.99 (paper)
Donald Trump; drawing by James Ferguson
Not long after Donald Trump’s surprising presidential victory, an article published in the Swiss weekly Das Magazin, and reprinted online in English by Vice, began churning through the Internet. While pundits were dissecting the collapse of Hillary Clinton’s campaign, the journalists for Das Magazin, Hannes Grassegger and Mikael Krogerus, pointed to an entirely different explanation—the work of Cambridge Analytica, a data science firm created by a British company with deep ties to the British and American defense industries.According to Grassegger and Krogerus, Cambridge Analytica had used psychological data culled from Facebook, paired with vast amounts of consumer information purchased from data-mining companies, to develop algorithms that were supposedly able to identify the psychological makeup of every voter in the American electorate. The company then developed political messages tailored to appeal to the emotions of each one. As the New York Times reporters Nicholas Confessore and Danny Hakim described it: A voter deemed neurotic might be shown a gun-rights commercial featuring burglars breaking into a home, rather than a defense of the Second Amendment; political ads warning of the dangers posed by the Islamic State could be targeted directly at voters prone to anxiety….Even more troubling was the underhanded way in which Cambridge Analytica appeared to have obtained its information. Using an Amazon site called Mechanical Turk, the company paid one hundred thousand people in the United States a dollar or two to fill out an online survey. But in order to receive payment, those people were also required to download an app that gave Cambridge Analytica access to the profiles of their unwitting Facebook friends.
Kristina gave a talk on COMMUNICATION AND USER RIGHTS at the National Day of Communication congress 2017. This year it took place on the 17th of May on the campus of the University of Twente in Enschede.
At the center of all communications is the user but accounts about them vary: Are users exploited netslaves, or are they creative prosumers, or probably mixture of both? In her talk she discussed various communication users’ rights arising in the landscape of online services, such as the right to privacy, the right to be forgotten, the right to receive information, and the right not to be discriminated against. She acquainted the participants with users who have made an entry into the story of modern communication rights. She closes with a call for respect of user rights online which ultimately benefits all, individuals, business and society at large.
By Elizabeth Denham, Information Commissioner.
In March we announced we were conducting an assessment of the data protection risks arising from the use of data analytics, including for political purposes.
Engagement with the electorate is vital to the democratic process. Given the big data revolution it is understandable that political campaigns are exploring the potential of advanced data analysis tools to help win votes. The public have the right to expect that this takes place in accordance with the law as it relates to data protection and electronic marketing.
I believe the social media giant could target ads at depressed teens and countless other demographics. But so what?
“The tech industry is in the middle of a massive, uncontrolled social experiment. Having made commercial mass surveillance the economic foundation of our industry, we are now learning how indiscriminate collections of personal data, and the machine learning algorithms they fuel, can be put to effective political use. Unfortunately, these experiments are being run in production. Our centralized technologies could help authoritarians more than they help democracy, and the very power of the tools we’ve built for persuasion makes it difficult for us to undo the damage done. What can concerned people in the tech industry do to seize a dwindling window of opportunity, and create a less monstrous online world?”
One fundamental difference between traditional television sets and smart televisions is that the latter are connected to the internet. Like other connected devices, smart TVs make it possible to track what users do online and even offline, and therefore trigger privacy and data protection issues. We recently argued that the issue of media users’ privacy requires special attention from policymakers, not only from the perspective of data protection law, but also from media and communication law and policy. Tracking what people watch online can reveal sensitive insights into individual interests, political leanings, religious beliefs and cultural identity. In our article we challenge the lack of attention in media policy for the specific concerns about viewers’ privacy and data protection at the EU level. The latest revelations about the CIA’s attempts to turn smart TVs into eavesdropping devices (innocuously named Weeping Angel) just underscore how sensitive the issue of media users’ privacy really is, and how badly it needs protection.
Smart TV eavesdropping: a wake up call
It is rather ironic that secret services CIA and MI5 have chosen the name of Weeping Angels from the British series Doctor Who for their joint smart TV spy program. The latest media revelations – drawing on the WikiLeaks leak Vault 7: CIA Hacking Tools Revealed (on 7 March 2017) – alleging that US security services are capable of using smart TVs to eavesdrop on users do not lag behind in creepiness when compared to Angels launching attacks. Of all devices, the CIA has been targeting the TV set, our trusted friend in the living room, to capture audio (even when shut down), extract the Wi-Fi network credentials the TV uses, and other usernames and passwords stored on the TV browser. This incident is yet another wake up call to European policymakers to better protect the security of connected consumer devices and the privacy and right to confidentiality of media users.
The connective capabilities of smart TVs led to public outcries in several European countries for divulging users’ privacy in a variety of ways. In 2013, the media reported that a smart TV was found to transfer information about what users are viewing to the equipment manufacturer. In 2015, the voice control of a smart TV made headlines for incidentally eavesdropping on private conversations. We reviewed a number of implementation and enforcement actions in Germany and the Netherlands. In our analysis we show how users’ agency is being significantly reduced because information duties have not been complied with and how default settings were not privacy preserving. Overzealous data collection via smart TVs is not just a European issue. The US Federal Trade Commission just fined a smart TV provider for recording viewing habits of 11 million customers and selling them to third parties.
Beyond privacy freedom of expression at stake
One of the particularities of the discussion on smart TV privacy is that it is being dealt almost exclusively as an issue of data protection and privacy, and that the debate is completely oblivious to the broader and at least equally worrying implications for freedom of expression and media law and policy. In its 2013 Green Paper on Convergence, for example, the European Commission does acknowledge the fact that “the processing of personal data is often the prerequisite for the functioning of new services, even though the individual is often not fully aware of the collection and processing of personal data”. However, the document makes it very clear that the European Commission believes that these matters should, in the first place, be a matter for EU data protection regulation. We argue, conversely, that the issue of users’ viewing privacy is also a matter for media and communication law and policy, at both the level of the EU and its member states. This is because of the potential impact that tracking users online can have on users’ freedom to inform themselves and exercise their rights to freedom of expression. Privacy in this context is instrumental in furthering our freedom of expression rights, which is why the privacy of media users’ privacy deserves special attention. The tv set is not only the device that sees us lounging in our pyjamas on the couch (in itself reason enough to be worried about privacy). What is more important even, we use TV services to inform ourselves and prepare us for our role as informed citizens. As scholars have convincingly argued, a certain level of intellectual privacy or breathing space is indispensable for our ability to form our ideas and opinions – unmonitored by device producers, advertisers and the CIA.
The Council of Europe noted explicitly in the context of tracking users online that “[t]hese capabilities and practices can have a chilling effect on citizen participation in social, cultural and political life and, in the longer term, could have damaging effects on democracy. … More generally, they can endanger the exercise of freedom of expression and the right to receive and impart information protected under Article 10 of the European Convention on Human Rights”.
German data protection authorities observe that “[t]elevision is a central medium for conveying information and an essential condition for freedom of expression. The right to unobstructed information access is constitutionally protected and a basic prerequisite for the democratic order. The comprehensive collection, processing and using of information about user behaviour will adversely affect the exercise of that right”. The Dutch data protection authority underscores that personal data collected via smart TV is sensitive because it can reveal very individual patterns which could potentially disclose the specific social background, financial or family situation. These initiatives confirm that the user of media services may require a higher, or at least different levels of protection when consuming media content than, for example, when buying shoes online. A talk by Alexander Nix of Cambridge Analytics (listen in at 9’ 22” of the video) shows just how much companies want to tap into the data of people’s viewing behaviour.
So far, only Germany has specific privacy safeguards in its media law (Section 13 and 15 Act on Telemedia). Remarkably, in Germany viewers have the right to use their TV anonymously, insofar as this is technically feasible. German law moreover prohibits the sharing of personal data on the use of television and on-demand audiovisual media services with third parties. Only anonymised usage data can be shared with third parties for market research and analytical purposes. This ties in with literature that argues in favour of protecting privacy in order to preserve the freedom to receive information and hold opinions.
Get it done with the new e-Privacy Regulation
Thankfully, there are several opportunities for the European legislator to show that it has gotten the wake-up call and is moving into action to protect media users. The draft for a revised Audiovisual Media Service Directive does not mention privacy once – this should change, and the European legislator should follow the example of Germany, and introduce a right to read anonymously and protection from unauthorised data sharing at the European level.
Then, there is the new legislative proposal for a Privacy and Electronic Communications Regulation that will replace today’s e-Privacy Directive. Elsewhere we explain how the Privacy and Electronic Communications Regulation could become a suitable vehicle to protect the confidentiality and security of users of interactive televisions and online content services.
The European legislator should use his exclusive competence from Article 16 of the Treaty on the Functioning of the European Union in the area of data protection to introduce provisions that protect the confidentiality and security of media consumption (and not only information in transit) against unauthorised eavesdropping from within and outside the European Union.
Remains to conclude with the note that the Angels in Doctor Who are quantum-looked creatures: they cease to move when observed – were only the intelligence agency that easy to prevent from hijacking our devices.
The company’s tech incubator and think tank subsidiary Jigsaw is trying the ISIS-fighting technique Google knows best: targeted advertising.
Because voters are trickier than candidates’ data teams think.
News sites might be able to have a system of micropayments for reading a single article, instead of counting on web ads for money.