The Great Hack and the dysaguria of Cambridge Analytica

Great Hack poster via IMDBThe Great Hack has just dropped on Netflix (IMDB | Rotten Tomatoes | wikipedia | poster left). It is a documentary that explores “how a data company named Cambridge Analytica came to symbolize the dark side of social media in the wake of the 2016 US presidential election”. Much has already been written about the Cambridge Analytica scandal (eg ICO here and here (pdfs) | Carole Cadwalladr in The Guardian), and a great deal more will be written as the movie is reviewed in the coming days. I don’t propose to add to those torrents here. Rather, I simply want to observe that there is a word for a company that symbolizes the dark side of social media.

Reacting to Thomas More’s coinage of “utopia” as the “perfect state”, from the Greek “eu” meaning “good”, and “topos” meaning “place”, John Stuart Mill coined “dystopia” as the “frightening state”, from the Greek “dys” meaning “bad”, and (again) “topos” meaning “place”. But, whilst “dystopia” is perfect to describe a “frightening state” and its frightened society, it is not particularly apt to describe a “frightening company” and its frightened society. Indeed, we don’t really have the words for when a corporate society goes bad; “dystopia” and “dystopian” have been pressed into service (even in the context of reviewing The Great Hack: “Watching this film, you literally start to wonder if history has been warped towards a sickening dystopia”); but the warped society in that movie is very different to the warped society in classic dystopian fiction (such as, to take the obvious example, Orwell’s 1984). We can’t easily discuss a phenomenon until we have the proper words to describe it. As a consequence, in a world of surveillance capitalism where big data companies battle to collect our data and control the world, I think we urgently need to devise appropriate terms for frightening companies and frightened societies. One way to do so is to follow the lead provided by More and Mill. Let’s keep Mill’s “dys” as the prefix, and look for a suitable Greek word, analogous to “topos”, to which to add it. “Aguris”, which means “crowd” or “group” (or “gathering”, “assembly” or “marketplace”, and which has already lent other words to modern English). Hence, from “dys” meaning “bad”, and “aguris” meaning “crowd” or “group”, I suggest “dysaguria”, as a noun meaning “frightening company”, and “dysagurian” as the adjective to describe that company and its frightened society.

Indeed, “dysaguria” is the perfect noun and “dysagurian” is the perfect adjective to describe the eponymous company in Dave Eggers’ The Circle, Gryzzl on Parks and Recreation, and Centillion in Ken Liu’s short story “The Perfect Match”. They are also the perfect words to describe the world exemplified by Cambridge Analytica. If we are not living in a frightening present, then we are certainly facing a frightening future, in which frightening companies frighten society; and the words to describe this are not “dysatopia” and “dystopian” but “dysaguria” and “dysagurian”.

Not archiving the .ie domain, and the death of new politics

Internet Archive Googly Eyes via FlickrAbout this time last year, the Government lost some votes on important issues as the Bill that became the Data Protection Act 2018 (also here) was at Committee Stage in the Dáil. Writing on this blog, I described this as an example of new politics making for interesting times. Rather magnanimously, they did not seek to reverse these defeats; at the last stage of the Bill, the Minister confirmed that it was “not [his] intention to revisit the putting of the amendment in any other form”. In the intervening year, much has changed – for one thing, we are a year closer to a general election, commentators forecast that the next budget in October will be this Government’s last, and there is speculation that the Taoiseach may even call a snap election earlier than that. All of this means that the detente of new politics is breaking down. There can be no surer sign of this than that the Government is no longer magnanimously prepared to accept parliamentary defeats, and will reverse them if it can. There was a shameful example of this arrogance earlier this week in the Seanad, during the Report Stage debate on the Copyright and Other Intellectual Property Law Provisions Bill 2018.

At Committee Stage, the Seanad approved an amendment put down by Senator Fintan Warfield (Sinn Féin) and opposed by the Government that would have ensured that that the archiving of the .ie domain would not infringe copyright. Writing on this blog, I welcomed this outcome as excellent news as a matter of principle, and an important step in making Irish copyright law fit for the digital age. However, at Report State, in an unseemly fit of pique, the Minister who had carriage of the Bill during the debate (the Minister of State for Training, Skills, Innovation, Research and Development, John Halligan TD) unapologetically restated his objections that there were issues with other government departments and public institutions, and that it would have significant resource implications, and he put down an amendment to reverse Senator Warfield’s earlier successful amendment (see amendment no 7 here). In the event, Senator Warfield acquiesced in the Minister’s amendment with a heavy heart, and it was accepted by the Seanad without a vote. All that remains is a commitment to bring forward proposals within a year.

Meanwhile, Ireland will – entirely unnecessarily – lag far behind the US and the UK. For example, in the US, the Internet Archive (the digital equivalent of the ancient library of Alexandria) is building a digital library of Internet sites and other cultural artifacts in digital form, searchable through its Wayback Machine. Similarly, the UK Web Archive performs an automated collection of UK websites (otherwise known as a ‘crawl’) at least once a year, and it collects a number of important websites more frequently (up to daily). The Minister’s petty amendment means that Irish libraries and archives cannot match even the modest collecting of the UK Web Archive, let alone replicate the greater ambition of the Internet Archive.

There is much to be welcomed in the Bill, and I look forward to it being signed into law by the President, but the removal of Senator Warfield’s sensible amendment is a blot on the escutcheon of the Government in its final days in office.

Denis O’Brien’s case against the Sunday Business Post should never have reached the High Court – updated

Cover SBP 3 MarIn today’s Sunday Business Post (as trailed on the front cover, here; element left), I have an OpEd (sub req’d) in which I argue that O’Brien’s case should never have reached the High Court, and that the Department of Justice needs to publish its review of the Defamation Act as soon as possible (you can download it below). It’s part of a bumper collection of articles on the case (spread here and here):

Emmet Oliver: A man named Sue. The eagerness with which Denis O’Brien has taken legal actions in recent years shows the urgent need for a comprehensive overhaul of Ireland’s libel laws.

Francesca Comyn: A refusal to wave the white flag. At its core, The Sunday Business Post’s victory over tycoon Denis O’Brien in the High Court was a broader win for journalism and the Irish media.

Susan O’Keeffe: Defamation ruling a victory for freedom of the press. Even when journalists are sure of their facts, they take a risk once they tangle with power, a risk worth taking because it’s important for journalism and democracy.

Eoin O’Dell: O’Brien’s case should never have reached the High Court. The Department of Justice needs to publish its review of the Defamation Act as soon as possible (you can download it below).

And the newspaper has put the articles by Tom Lyons and Ian Kehoe which caused the furore outside its paywall, so you can see what all the fuss was about.

Public interest journalism at its finest: worth defending, and celebrating, and paying for.

Update 1: I am grateful to the Sunday Business Post for allowing me to post my op-ed for download here (.doc) so soon after publication.

Update 2: Mick Fealty discusses my SBP piece on Slugger O’Toole.

Orphan works – a small corner of copyright law that will suffer after Brexit

BL-spare-rib-final-homepage-banner-(element)From today’s Guardian:

Spare Rib digital archive faces closure in event of no-deal Brexit

EU copyright exception would no longer protect British Library scans of pioneering feminist magazine

Spare Rib, the trailblazing women’s magazine that defined generations of feminism, faces the axe from the British Library’s digital archive if there is no Brexit deal, it has emerged

The magazine ran from 1972 to 1993, and all 11,000 articles, cartoons and photographs were made digitally available in 2015 as part of the joint efforts of the British Library (BL) and the Spare Rib Collective.

The British Library’s website explains:

Spare Rib Archive – possible suspension of access

Polly Russell explains why the Spare Rib resource may be suspended in the event of a ‘no deal’ withdrawal from the EU

In 2015, as part of our commitment to making our intellectual heritage available to everyone for research, inspiration and enjoyment, the British Library digitised and made available the full run of the feminist magazine Spare Rib available via the Jisc Journals platform.

The EU orphan works directive currently allows … material [where the rights-holder cannot be identified after a diligent search] to be made available by cultural heritage institutions. Around 57% of the Spare Rib archive – some 11,000 articles and images from 2,700 contributors – benefits from this protection.

Should the UK exit the EU without a withdrawal agreement, however, we have been advised by the Intellectual Property Office (IPO) that this legal exception will no longer apply. In those circumstances, the Library would have to suspend access to the archive or be in breach of copyright.

And in turn, the Intellectual Property Office’s website explains (in the Explanatory Memorandum (pdf) to the draft Intellectual Property (Copyright and Related Rights) (Amendment) (EU Exit) Regulations 2018) (pdf):

7.10 … the Orphan Works Directive … was inserted by the Copyright and Rights in Performances (Certain Permitted Uses of Orphan Works) Regulations 2014. It provides for a copyright exception for cultural heritage institutions to digitise and make available to the public, across the EU, orphan works (copyright works where the right holder is unknown or cannot be found). The exception works by recognising the orphan status of works across the EU, as long as a diligent search has been completed and the details entered onto a database held by the EU Intellectual Property Office (EUIPO). When the UK leaves the EU, this mutual recognition will fall away and the EU will not recognise the orphan status of works that UK libraries, museums, and other cultural heritage institutions place online, and the UK will not have access to the database held by the EUIPO. Consequently, the European orphan works exception will come to an end on exit. UK cultural heritage institutions will no longer be able to make available online across the EU orphan works, under an exception to copyright. However, cultural heritage institutions in the UK will still be able to make use of the UK’s existing domestic Orphan Works Licensing Scheme …

Unlike other sectors where anomalies like this are dealt with in the politically-controversial Withdrawal Agreement (the Agreement on the withdrawal of the United Kingdom of Great Britain and Northern Ireland from the European Union and the European Atomic Energy Community, as endorsed by leaders at a special meeting of the European Council on 25 November 2018 (pdf)) (the most recent controversy is here, also from today’s Guardian), the text of Title IV on Intellectual Property is silent on the issue of copyright in general, to say nothing of orphan works in particular. Section 2 of the European Union (Withdrawal) Act 2018 provides a saver for “EU-derived domestic legislation” to continue to have effect in domestic law after the UK leaves the EU. And this is sufficient to save much EU-derived copyright law. But, because of the trans-border operation of the Orphan Works Directive (Directive 2012/28/EU of the European Parliament and of the Council of 25 October 2012 on certain permitted uses of orphan works (OJ L 299, 27.10.2012, p. 5–12), and the role of the EU Intellectual Property Office (EU IPO) in hosting the Orphan Works Database, section 2 of the Act is insufficient.

Of course, it won’t just be Spare Rib that’s affected, though that makes for an eye-catching headline. It will anything in the British Library’s digital collection that relies on registration with the EU IPO. Moreover, I wonder whether this cuts both ways: to the extent that EU collections rely on British registrations with the EU IPO, will those collections be able to rely on the Orphan Works Directive after Brexit? The logic of the UK IPO’s position suggests not.

Oh dear!

Update (26 February 2019): Writing on his Ipso Jure blog, Peter Groves was just as surprised by the Guardian story as I was; and his first thought (just as it was mine) was that the Orphan Works Directive would “surely remain part of UK law”. Even if it is not carried over, he thinks that existing UK orphan work registrations with the EU IPO would continue to have effect in UK law: if the British Library “has published stuff in reliance on the fact that it was in the database then it seems to have complied with” UK law. And he concludes on this point:

It looks as if Cultural Heritage Institutions in the UK will no longer be able to look at the EUIPO database (which seems a bit miserly) so in future it would be impossible to comply with [the UK legislation]: but that doesn’t have to destroy the legal basis for the Spare Rib archive.

The further GDPR travails of Ross O’Carroll-Kelly

Statue of Ross O'Carroll-Kelly, via Wikipedia
Statue of Ross O’Carroll-Kelly
Ross O’Carroll-Kelly (pictured left) is in GDPR-trouble again. Last time, he was fired from his job as an estate-agent for failing to report a data breach, when his work lap-top was stolen from his car just as the GDPR came into full effect. This time (as recounted in last Saturday’s Irish Times magazine; audio here), he learns to his great cost the power of the data subject access request under Article 15 GDPR.

The background is well explained by Jennifer O’Connell’s experiences also recounted in last Saturday’s Irish Times magazine. Her story starts with staff members in a hotel asking customers: “If you enjoyed the service, would you minding leaving a TripAdvisor review, and mentioning me by name?” As she explains

It’s not only people in the service industry whose job security now rests on the whims of the terminally irate. If you’re a writer, Goodreads and Amazon reviews are your nemesis. If you’re a driver, it’s Uber. If you rent out your house, it’s Airbnb. If you’re a journalist, it’s the below-the-line comments.

She hasn’t reviewed the hotel waiter yet (she’ll be kind); but “in a Dublin hotel a few months ago, unable to sleep due to the sound of the four-hour, vigorous, live-action porn show on the other side of the cardboard door connecting [her] room with the one next door, [she] lay there plotting [her] TripAdvisor review”.

However, on some of these platforms, reviews go both ways. For example, not only do riders rate drivers on Uber, but, after every trip, drivers can rate riders as well. It is the same with the taxi app being used by Ross’s wife, Sorcha. She’s worried because she has an average “one-stor” customer rating from the drivers, out of five, which the lowest rating that it’s possible to get. This gets Ross worried too, not because he’s concerned for his wife, but

because her one-stor rating is almost certainly down to me, given that I’ve been using her account for the past six months and taxi drivers tend to bring out the worst side of my personality.

He tries to make light of it, but Sorcha is having none of it, revealing that she has already

… made a Data Access Subject Request. … All citizens have the right to access their personal data, Ross. I’m entitled to know why taxi drivers seem to think so little of me, especially given how much I tip.

As Sorcha leaves Ross to check whether the postman had delivered the hardcopy reply, their daughter-from-hell, Honor, arrives, having intercepted the post along the way. Together, they read all the horrible things Ross said to the taxi drivers over the previous six months; and they learn of some co-passengers Sorcha might not like to learn about; so Ross bribes Honor a thousand euros not to say anything to her mother. She agrees. And Ross relaxes, thinking he’s off scot-free. Then:

Sorcha steps back into the kitchen. “Nothing in the post,” she goes.

I’m there, “Like I said, you should just let it go, Babes.”

“No, it’s fine,” she goes, holding up her phone, “because they’ve emailed me the information anyway.”

Honor stands up from the table. She goes, “I’ll leave you to it, Dad. I still want that thousand euros, by the way.”

I wonder if anyone’s left a comment on Jennifer’s TripAdvisor review of the performance in the adjacent hotel room, or perhaps lodged a subject access request to find out more about it?

Navigating Privacy in a Data Centric World

Jules Polonetsky, via FPF siteOn Monday, 28 January 2019, 16.00-17.30, in Regent House (map), Trinity College Dublin, Jules Polonetsky (CEO, Future of Privacy Forum; pictured left) will give a public lecture on

Navigating Privacy in a Data Centric World

Almost every area of technical progress today is reliant on ever broader access to personal information. Companies, academic researchers, governments and philanthropists utilise ever more sensitive data about individuals movements, health, online browsing, home activity, social interactions. To collect the data, cars, drones, phones, wearables, TVs and faces are tracked. Sensors that see and hear collect new types of information and machine learning provides exponentially deeper analysis. Will European data protection reshape the leading data intensive technologies? With the backlash against tech company practices lead to regulation in the US and globally? What role for Ireland at the centre of the new generation of regulation and tech development? Can data be mined for the benefit of society without creating an Orwellian future?

Jules Polonetsky is CEO of the Future of Privacy Forum (PFP). It is a nonprofit organisation that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. FPF brings together industry, academics, civil society and other thought leaders to explore the challenges posed by technological innovation and develops privacy protections, ethical norms and workable business practices. FPF is based in Washington DC, and is active in the US, Europe and Israel.

This event is organised by the Ethics & Privacy Working Group of the ADAPT Centre, in conjunction with the Trinity Long Room Hub, the Technologies, Law and Society Research Group at TCD School of Law, TCD School of Religions, Peace Studies and Theology, TCD Library and DCU Institute of Ethics.

The event is free; and all are welcome to attend; but booking via Eventbrite is essential.

Did Christmas come early for NJ commuters who were showered with money last week?

Flying dollarsAccording to Wikipedia, Betteridge’s law of headlines is an adage that states: “Any headline that ends in a question mark can be answered by the word no”. That is true of the question in the title to this post: no, Christmas did not come early for NJ commuters who were showered with money last week. The CBS headline tells the story: Armored truck spills cash on N.J. highway, drivers rush to grab dollars and crashes ensue. Of the more than $500,000 that spilled on to the highway, nearly $300,000 remains missing, and the bank and the police want it back. As with overactive ATMs, these flying dollars are not so many early Christmas presents, the bank is entitled to recover them, and retaining them may very well amount to theft.

60minutes says that the GDPR is the law that lets Europeans take back their data from big tech companies




From the report embedded above (with added links):

Tech companies’ reign over users’ personal data has run largely unchecked in the age of the internet. Europe is seeking to end that with a new law

… the European Union enacted the world’s most ambitious internet privacy law [the General Data Protection Regulation (the GDPR)], even winning support from the CEO of the biggest tech company in America, Apple’s Tim Cook. …

Max Schrems: The default under the European system is you’re not allowed to use someone else’s data unless you have a justification. …

Jeffrey Chester: Americans have no control today about the information that’s collected about them every second of their lives. …

Today, if one of the big tech companies chooses to ignore Europe’s new data protection law it could cost them 4 percent of their global revenues, which for the biggest companies would mean billions of dollars. Those decisions will likely be made here in Dublin, … Ireland’s data protection commissioner Helen Dixon says it’s not going to be business as usual.

Helen Dixon: U.S. internet companies have no doubt that this law is serious, it has serious bite. And all of them are eager to avoid any engagement with that.

Dixon says tech companies are spending tens of millions of dollars hiring lawyers, compliance officers and engineers to make sure they are operating within the law. …

Steve Kroft: You think the big tech companies, the people in Silicon Valley are taking this seriously?

Eoin O’Dell: I think they have to.

Eoin O’Dell is a law professor at Trinity College in Dublin and a leading expert on European privacy law. He says Europe has now established an international standard for internet privacy, and companies like Facebook, Google and Amazon are not about to retreat from a $17 trillion market.

Eoin O’Dell: We have safety standards in cars, but that hasn’t stopped us driving cars. We have emissions standards for – for the gas in the cars but that hasn’t stopped us using the gas in the cars . The data companies are – going to comply in the same way as the – car companies have complied

Steve Kroft: To stay in business.

Eoin O’Dell: To stay in business.

Since the European privacy law was passed, at least ten other countries have adopted similar rules. So has the state of California. Perhaps sensing the inevitable, Facebook, Twitter, Google and Amazon are now saying they could support a U.S. privacy law if they were given considerable input. The Internet Association, which lobbies for big tech, and its president Michael Beckerman say they would support giving Americans reasonable access to their information and some privacy rights now enjoyed by the Europeans. …

Produced by Maria Gavrilovic. Associate producer, Alex Ortiz.