March 2020

You are currently browsing the monthly archive for March 2020.

TracingCOVIDbanners-08Across the country adhoc open data groups are meeting, holding hackathons online, they are making all sorts of apps, they are asking for data and want current data channels improved, they are making maps and deploying platforms, but also they are concerned about tracking and surveillance. These groups involve people from all levels of government, civic technology, open data, and the private sector. People are involved for all kinds of reasons and what is notable is that these are people who have agency, knowledge, and power combined with the capacity to act – the key ingredients for what Andrew Feenberg would call, technological citizenship. Doing technological citizenship is one way for people to engage in a technological society such as Canada, and in a very sophisticated and complicated information and technology situation such as a pandemic.

People’s intentions are good, but as the saying goes ‘the road to hell is paved with good intentions’ and caution and level headedness is required.

People involved in humanitarian work know this, and we have much to learn from them, and Patrick Meir is one of these great people. He shares in Digital Humanitarians: How Big Data is Changing the Face of Humanitarian Response what he learned during the 2010 Earthquake disaster in Haiti, and in other contexts. He is not alone, there is much to learn from the Signal Program on Human Security and Technology at the Harvard Humanitarian Initiative (HHI) at the Harvard T.H. Chan School of Public Health, the Responsible Data project and the Protection Information Management (PIM) initiative.

It is time to bring this overseas humanitarian crisis work home!

This is an exceptional time and right now we are witnessing the erosion of basic rights in exchange public good, as the situation is ‘evolving’, while a new form of data politics emerges with little or no discussion of data governance. The changes comes with an increase in surveillance and control, which might stay longer than we had thought and hoped for.

This too is not new, and the Signal Code work was developed precisely for this type of situation. These researchers advocate for a rights based approach for humanitarian information activities (HIA) work during a crisis, a pandemic is arguably a crisis, and they refer to the Humanitarian Charter and Minimum Standards in Humanitarian Response that starts with an understanding of dignity as being:

…more than physical well-being; it demands respect for the whole person, including the values and beliefs of individuals and affected communities, and respect for their human rights, including liberty, freedom of conscience and religious observance.

They also argue for a duty of care to be operationalized during the crisis, and I would argue that this should be done by us and our governors and administrators, so that we do not use this pandemic as reasoning to violate rights, to circumvent the law and to be negligent in our data and technology work. The COVID-19 pandemic is temporary, but the data collected and the technologies built will live beyond the crisis. There therefore a duty to be responsible now and to develop data governance strategies for the future.

The goal of the Signal Code is to develop ethical obligations for humanitarian actors including minimum technical standards for the safe, ethical, and responsible conduct of humanitarian information activities (HIAs) before, during, and after disasters strike. They provide the following five rights when conducting HIAs:

1. The Right to Information

Access to information during crisis, as well as the means to communicate it, is a basic humanitarian need. Thus, all people and populations have a fundamental right to generate, access, acquire, transmit, and benefit from information during crisis. The right to information during crisis exists at every phase of a crisis, regardless of the geographic location, political, cultural, or operational context or its severity

2. The Right to Protection

All people have a right to protection of their life, liberty, and security of person from potential threats and harms resulting directly or indirectly from the use of ICTs or data that may pertain to them. These harms and threats include factors and instances that impact or may impact a person’s safety, social status, and respect for their human rights. Populations affected by crises, in particular armed conflict and other violent situations, are fundamentally vulnerable. HIAs have the potential to cause and magnify unique types of risks and harms that increase the vulnerability of these at-risk populations, especially by the mishandling of sensitive data.

3. The Right to Privacy and Security

All people have a right to have their personal information treated in ways consistent with internationally accepted legal, ethical, and technical standards of individual privacy and data protection. Any exception to data privacy and protection during crises exercised by humanitarian actors must be applied in ways consistent with international human rights and humanitarian law and standards.

4. The Right to Data Agency

Everyone has the right to agency over the collection, use, and disclosure of their personally identifiable information (PII) and aggregate data that includes their personal information, such as demographically identifiable information (DII). Populations have the right to be reasonably informed about information activities during all phases of information acquisition and use.

5. The Right to Rectification and Redress

All people have the right to rectification of demonstrably false, inaccurate, or incompletedata collected about them. As part of this right, individuals and communities have a right to establish the existence of and access to personal data collected about themselves. All people have a right to redress from relevant parties when harm was caused as a result of either data collected about them or the way in which data pertaining to them were collected, processed, or used.

These are important to consider. I will come back to these in the coming days and I will point to insight provided by other who have first hand experience of doing data work during a time of crisis. I hope this is food for thought.

TracingCOVIDbanners-0814 days later!

Both Hugh and I agree, that it is time to use this platform again.

COVID-19 and cell phone data tracking is a Privacy Paradox par excellence! The the concept originally encapsulated how we were willing to trade-off the sharing of one’s data for the use of a ‘free’ social media platform.  We kinda’ knew that our data were being sold off to third parties, and traded by data brokers, and we sorta let it go, so we reacted by setting up some add blockers, adjusting our settings, using VPNs, or changing our browsers to things like DuckDuckGo. As imperfect as that situation was and is, that is what we did and it is what we do.

But cell phone tracking is something quite different.

Helen Nissembaum‘s Contextual Integrity (CI) is a very useful framework to think this through, for her “privacy, defined as CI, is preserved when information flows generated by an action or practice conform to legitimate contextual informational norms; it is violated when they are breached“. There are four CI theses as follows:

  • Thesis 1: Privacy is the Appropriate Flow of Personal Information
  • Thesis 2: Appropriate Flows Conform with Contextual Informational Norms (“Privacy Norms”)
  • Thesis 3: Five Parameters Define Privacy (Contextual Informational) Norms: Subject, Sender, Recipient, Information Type, and Transmission Principle
  • Thesis 4: The Ethical Legitimacy of Privacy Norms is Evaluated in Terms of: A) Interests of Affected Parties, B) Ethical and Political Values, and C) Contextual Functions, Purposes, and Values.

In terms of norms, social media is one thing, we do get upset when we find out that our photos are being used for facial recognition by our law enforcement institutions, when behaviour is tracked for targeted marketing purposes by data brokers or worse when scurrilous actors use our data to disrupt democracy. But our cell phone data, that is another level! We also know about UBER and smart phone provider transgressions but we seem to know very little about the Murkyness of Telecom Surveillance.  Furthermore, we are beginning to realize, that we cannot Privacy By Design (PbD) our way out of this, nor is cybersecurity enough, and that institutional and technological solutionism, falls short! We need to figure out how to govern these data practices right now.

These are exceptional times, circumstances are exceptional, the stakes are high, and the norms they are a changin’ . CI helps frame our thinking, although, Nissembaum also realizes that her thesis may need to reconsider how technology is an actor, while Teresa Scassa in Private Sector Data, Privacy and Pandemics and Michael Geist both warn us about the new normal, they also define and categorize types of data in a pandemic situation to help us out, frame their analysis with issues pertaining to law, policy and governance, and provide ways to circumscribe how these data might be shared to serve the public good or interest at this time.

But, who will govern this, and for long will this ‘sharing’ & tracking go on for?

What is for sure, just like 911 set new benchmarks in terms of what kind of surveillance we wound up ‘living with’,  COVID-19 will change data and technological monitoring norms. This may also be a time where we might change the course what surveillance we will accept, as presumably we are smarter now! There are perils and there are opportunities. How will we govern ourselves and our data during and post the pandemic era!

Below is a smattering of news articles on the topic: