I’m conflicted by the Sweden-initiated resolution (PDF, HTML) on “The promotion, protection and enjoyment of human rights on the Internet”, adopted in a consensus by the UN Human Rights Council on July 5, and subsequently portrayed in a NYT op-ed as a “victory for the Internet” by Sweden’s foreign minister Carl Bildt.
The main thrust of the resolution lies in its first article (the others and the preamble are more aspirational in nature):
The Human Rights Council, […]
1. Affirms that the same rights that people have offline must also be protected online, in particular freedom of expression, which is applicable regardless of frontiers and through any media of one’s choice, in accordance with articles 19 of the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights;
My ambivalence stems from this: The flip side to affirming the equivalence of online and offline rights is that it also affirms the equivalence of the limitations on those rights, as currently interpreted and implemented by national governments.
In practice, many countries fall far short of allowing their citizens the full exercise of their (offline) right to free expression as enumerated by the Universal Declaration of Human Rights and related texts. This shortfall is justified on the basis of national security concerns or cultural differences such as religious or national sensitivities or even especially draconian libel laws.
With this new resolution, such rationalizations can now be transposed wholesale into arguments for a likewise censoring of the Internet. Instead of preserving the freedom of the Internet, it could give authoritarians further legal cover to constrain it, allowing the entrenched justifications from meatspace to bleed into cyberspace.
Why lament an explicit declaration of the equivalence of the offline with the online? Because the Internet has been and still is a disruptive force in favor of free expression, especially in places like Iran, Belarus and China, despite increasing technical and legal attempts to “nationalize” it, with varying degrees of success.
Such nationalization projects, of which the Great Chinese Firewall is the most advanced, aim to give authoritarian regimes renewed monopoly control over the flow of information among citizens — a monopoly once enjoyed in the offline world, but lost when the Internet came calling. This new resolution gives authoritarian regimes legal permission to bring such offline controls online.
In a best-case scenario, the resolution is ineffectual; even Cuba and China have signed on (with reservations). In the worst case, dubious justifications for offline controls on free expression made within the existing human rights frameworks will now be applied online. Much better (and therefore unlikely to succeed) would have been a resolution which:
1. Affirms that the same rights that people have online must also be protected offline, …
Sweden ramps up a major foreign policy initiative this week when it hosts the inaugural Stockholm Internet Forum, bringing together 300 technologists, activists and scholars from around the world to brainstorm “Internet freedom for global development”. By linking net freedom to social development, Sweden becomes one of a handful of countries for which defending the rights of Internet users beyond its borders is now an explicit foreign policy goal.
Underlying this policy of promoting Internet freedom abroad lies the assumption that there is Internet freedom within. So just how free are people emailing in Umeå, linking in Linköping or downloading in Dalarna? From a policy perspective, is the set of laws regulating Internet use inside Sweden worth emulating abroad?
To answer these questions, it helps to to look at six facets of Internet freedom that have come to loom large as ever-greater parts of our lives are lived online: Connectivity, transparency, censorship, surveillance, privacy and copyright. How does Sweden fare in each of these areas?
Sweden is one of the world’s best-connected countries, with around 90% of households having access to the Internet. It was also one of the earliest countries to see a majority of its population online — by 2001 — in part because regulations promoting competition ensured shared access to Internet infrastructure, keeping prices far below the European average.
On the other hand, network operators are free to prioritize the different types of data they deliver to subscribers; there is no legal requirement to be “network neutral”, though most are, given the competitive landscape. Overall, argues Patrik Fältström, head of research at the Swedish Internet infrastructure organization Netnod, the result has been positive: “The access you get when you buy simple broadband access is more open than most other places on the planet,” he says.
One response to having so many Swedes online so quickly was to move government services there. In Sweden it has long been possible to file taxes online. Since 2003, Sweden has an e-government task force dedicated to delivering all government services — municipal, county and national — online. By 2008, it topped the UN’s global e-government readiness rankings.
Providing e-services is one thing; compelling government agencies to make their public datasets available online in free and open formats has proven far harder, despite a long tradition of making (analog) documents public. In part, this is due to vague directives that have let reluctant bureaucracies drag their feet.
Sweden thus lags behind “open government” leaders, notably the US and UK, and is alone among Scandinavian countries in not having a national open data portal. There are individual successes, such as the open data portal by Sweden’s international aid agency SIDA. Overall, still only one third of Swedish public data sources are available online in an open and free format.
In Sweden there is no law that compels Internet service providers (ISPs) to block access to sites. ISPs voluntarily collaborate with police to block a centralized list of sites trafficking in child sexual abuse.
And yet such a system is not ideal, argues Marcin de Kaminski, an Internet researcher at the department of Sociology of Law at Lund University. That’s because there is no transparency in how the blacklist is maintained. “There is no way to legally appeal a list entry, for instance,” he says, ” and there is no third-party control of what is actually blocked.”
The risk, then, is that an unregulated block list could end up being used as a political tool — perhaps not in Sweden, where trust in the police is high and there is widespread disdain for censorship — but in other countries looking to adopt the Swedish model of Internet regulation. “Even though the Swedish blocklist has these flaws,” says de Kaminski, “it is used as a role model in the European discussion about block lists.”
In 2008 Sweden’s parliament narrowly passed a law that lets its signals intelligence agency (FRA) monitor the content of all cross-border cable-based Internet traffic to combat “external threats” such as terrorism and organized crime — but only after obtaining court permission on a case-per-case basis, and upon the explicit request of government or defense agencies. In 2012 parliament broadly passed the “Data Retention Directive” (DLD) which compels ISPs to store the who, where, and when (but not the what) of online communication within Sweden for six months, in case law enforcement agencies come calling for their investigations with a court order.
The FRA law has proven controversial in Sweden; the DLD law not so much. One reason is that they both exist within a European context, where EU directives guide how national legislatures are meant to implement laws. While the DLD law implements a minimal version of the European Data Retention Directive of 2006, the FRA law goes beyond the directive’s scope by allowing the surveillance of content.
Sweden’s Data Inspection Board has long worked to ensure that personal information stays protected when handled by government agencies, businesses and people. The Internet has greatly transformed its role, which now includes combating cyberbullying and regulating use of cloud-based data storage. One complicating factor is that many of the services people use to share personal data — Facebook, Google — lie outside Sweden’s jurisdiction. Another is the natural tension between the right to privacy and the right to free expression and a free press, with that balance scrambled by the rise of blogs and semi-private publishing on social media platforms.
File sharing is popular in Sweden, especially among youth, even though much of it is illegal under Swedish copyright law. In an effort to enforce copyright protection online, parliament in 2009 broadly passed a law implementing the EU directive on intellectual property rights enforcement (IPRED). The law allows criminal prosecution and jail terms for heavy illegal file sharers, and compels ISPs to identify suspected offenders upon request by a court of law.
Unlike France, Sweden’s implementation of IPRED does not cut off Internet access for repeat offenders. Swedish courts have also ruled that the right to privacy of suspected occasional file sharers trumps the interests of copyright holders, curtailing IPRED’s scope to more serious cases. Sweden’s IPRED law is currently being challenged in the European Court of Justice for violating European personal integrity laws.
Both IPRED and ACTA are proving controversial, especially with Swedish youth. Sweden’s Pirate Party parlayed this popular discontent into its first ever European Parliament seats in 2009. Criticism comes in several flavors: Pirate Party supporters wants to overhaul the very notion of copyright, so that the online remix culture and other non-commercial uses of creative content are exempt from regulation. Says Rick Falkvinge, founder of the Pirate Party: “The civil liberties that our parents enjoyed offline must carry over into the online world.”
Others worry that the enforcement laws being implemented have their priorities wrong, or are too intrusive. Argues de Kaminski: “What we need to do is establish rights and principles of freedom concerning the Internet — so that we have a free, open and secure base to begin with. Then we can start to discuss the necessary exceptions.”
When it comes to assessing the FRA, DLD and IPRED laws, the block list and privacy protections, it is worth remembering that they operate within a specific Swedish context. Replicating these laws may not produce the same results in places that do not also have Sweden’s negligible corruption, high levels of trust in public institutions, and a culture of free expression — non-legislated norms. Internet Freedom in Sweden is determined by more than the sum of its legislative parts.
Some outstanding questions regarding Twitter’s new country-specific censorship system:
Mobile clients: Will Twitter’s mobile clients also get the ability to let the user manually choose their jurisdiction, just like they now can on the full browser client? Currently neither the mobile web client nor the phone apps let you. This matters because much (most?) tweeting is done from mobile devices, especially when people are busy bringing down dictators.
Transparency:Twitter says it will promptly notify users if their content has been withheld, “unless we are legally prohibited from doing so.” It also says it will post requests to withhold content to the Chilling Effects website. Does that include all requests, or only those it is not prohibited from posting? Does Twitter anticipate operating in countries where it is illegal to make public the specifics of a takedown request in any jurisdiction?
Country-withheld content: Here is my best guess at how the country-specific censorship system works, based on testing: Before the browser requests new tweets from Twitter’s server, it first checks a cookie to see if the country location setting has been manually overridden. If it has not, then Twitter geolocates the IP address of the browser and filters the resulting twitter feed for that jurisdiction before sending the tweets along to the client. If the country setting has been manually overridden, then the browser sends along the chosen country to the server, which proceeds to filter the feed for that country, rather than the geolocation IP address. Is this correct?
Forms of censorship:Twitter states that sovereign jurisdictions can request the withholding of individual tweets and/or of entire accounts, and also writes that this withholding can only be reactive, in response to “a valid and applicable legal request.” The problem is, I can think of several scenarios where this might not be enough to avoid breaking local laws. For example:
France and Germany among others prohibit search engines within their jurisdiction from linking to specific sites they deem illegal. If Twitter is not going to use a block list to pre-emptively withhold tweets containing such links in these countries, will it be breaking the law?
If a tweet has been retweeted (natively, or by using RT, or by using quotes, or after a slight edit) by a number of users by the time a withholding request arrives which Twitter agrees to comply with, will there be an effort to remove these retweets in that jurisdiction? Might not the legal entity making the request reasonably expect these to all be one-and-the-same tweet?
It’s clear by now that Twitter’s new censorship regime is a pre-emptive move to keep the scope of censorship to within the jurisdictions of the legal authorities making the requests. This way, if Twitter is obliged by French law to remove a tweet deemed illegal in France, it will only be removed from French timelines — the rest of the world will continue to see it.
In its implementation, Twitter’s censorship system is very easy to circumvent by users — no doubt intentionally. I’ve played around with it using a virtual private network (VPN) to access my account from various countries in various setups; the workaround is trivial, albeit with a few twists.
Twitter’s own FAQ pages give two massive hints as to how to go about it:
However, because Twitter might “misidentify” your country, Twitter says you get to manually override the chosen country in your Twitter account settings. Your choice is saved as a cookie in your browser. Twitter says it does not store this information on its servers.
Circumventing Twitter’s censorship is not as easy as choosing the “Worldwide” option from the dropdown menu of countries — a choice which you might assume places you outside any jurisdiction.
Choosing “Worldwide” has the opposite effect, in fact: Your censorship regime will automatically default to whatever jurisdiction your browser finds itself in. So if you choose “Worldwide” from a Swedish IP address, your country setting will immediately switch to Sweden. If you later move to an Egyptian IP address, the country setting will automatically switch to Egypt.
The “Worldwide” setting is Twitter’s default. If you haven’t changed your country manually in your account settings, this is how Twitter will choose your censorship regime. (If your IP address is not on the dropdown list of 59 countries, such as for Belgium, then the country is listed as “Worldwide” *.)
What if you are in the US, and want to ensure that your censorship regime stays American when you travel? Even though your country is listed as “United States” by default, that will change when you leave the US, unless you do this: Select any other country, save changes (and provide your password), then select the United States, and save changes. Even though the before and after settings will look exactly the same, you have now forced the browser to choose the US as your country, as opposed to whatever country you happen to be in.
But regardless of what country you happen to be in, why not choose one with best practices in free speech? A quick look at the Press Freedom Index shows that the Netherlands, Sweden and Switzerland are great choices. The governments of the Netherlands and Sweden in particular have been vocal in their defense of the net freedom agenda.
I’ve confirmed by using the same Twitter account on several browsers simultaneously across different IP addresses that the country setting for each browser is independent, saved locally in a cookie. This means you can have a second browser set to a different country, in case your default setting coughs up a censored tweet. It’s also a great way to compare and contrast censorship regimes.
In sum, circumventing Twitter’s censorship model is trivial, and I’m sure that’s not because Twitter is incompetent. What I do worry about is that this model is not robust against the future demands of censors. The wording of SOPA and PIPA, had they become law, could have been construed to classify the opt-out nature of Twitter’s censorship model as an enabler of piracy. And what about those Taliban tweets? If the US ever gets around to censoring those, it would certainly not be content with barring them just from the US; Twitter is a US company, and it can be compelled to act globally by US law.
While the newly introduced censorship model will allow Twitter to expand to countries like France and Germany, where historical baggage from World War II results in peculiar censorship regimes, or the UK, which has unique defamation laws, it is possible that new laws or future legal tests of Twitter’s approach will prohibit this censorship model. It’s great of Twitter to try, of course, but it makes Twitter’s expansion into new jurisdictions somewhat precarious, as the company may suddenly find itself faced with the grim choice of having to dismantle its opt-out censorship model in some jurisdictions, or pulling out operations from that country entirely.
Fortunately. Twitter is unlikely to ever set up shop in countries where revolutionaries are still fighting the good fight, and relying on Twitter to do so. In those countries, Twitter will not care about what the regime demands. They’ll just have to block Twitter wholesale, just as Iran, Vietnam and China currently do.
(* I suspect, but cannot prove absent a censored recent tweet to test with, that when Worldwide is selected for an IP address not from a listed country, the censorship regime defaults to that of the US. One reason I think this is the case is that only from a US IP address is it possible to select the “Worldwide” option from the dropdown menu and not have it switch automatically to the current jurisdiction, in this case “United States”. I think this is because the browser compares the two jurisdictions and sees they are the same, so does not bother to force the switch.)
Twitter’s decision to enable country-level blocking of tweets is a rational response to an Internet that long ago ceased to be that utopian place beyond location. Companies who want to grow global amid the forked legal code of today’s Internet need to follow in Twitter’s footsteps.
It would be great if there were companies that did not want to grow global, who could offer a fortified service from a free speech haven and pay no attention to the thin-skinned legal codes of the world. Such an mission would be difficult to sustain, however: Twitter is not some abstract concept; it costs money to run. Free services need advertising-generated revenue; ads require local sales teams and/or local payment systems. This means local offices, and these are within reach of local laws. A Twitter service used by the world but not paid for by the world is unsustainable. (A hypothetical premium Twitter would have the same achilles heel: local payment systems.)
In terms of fine-tuning its censorship, Twitter is catching up to Google. Google has long had the ability to censor search results on a per-country basis. It also serves mutually exclusive map datasets to India and China, where it is illegal to publish country borders at odds with the official stance. Google does this because it is heavily invested in both countries — not just with sales teams, but with development teams too. Executives face real-world criminal charges for non-compliance, as Google found out in Italy.
A highly relevant question now is: Where should the limits of tolerance lie for Facebook, Twitter and Google when it comes to censorship? When does a country, in Twitter’s own words, “differ so much from our ideas that we will not be able to exist there.”? Let’s say we’re even understanding about Germany censoring Google search for Nazi propaganda and France for Nazi memorabilia. What about the case last week of the Indonesian who posted to Facebook that he did not believe in God, and was arrested for it? Should Facebook remove the post globally? Should it remove it only in Indonesia (something it cannot currently do)? I’d say no in both cases, but many Indonesians apparently prefer not to be confronted with expressions of non-belief in their midst. (The BBC reports the page in question has been taken down, but the group still seems to be up when visited from Sweden. Facebook is able to make entire pages unavailable to specific countries.)
Is this really a fight Facebook should fight alone? Should it be YouTube’s fight to serve videos deemed insulting to Ataturk in Turkey? If we demand Facebook and Twitter and Google exit these markets rather than collaborate with laws odious to our free-speech sensibilities, shouldn’t we demand that other businesses boycott the country in solidarity? And is that really feasible?
When to tolerate censorship, then? It depends. It depends on whether a country is on a trajectory towards more free speech. It depends on whether the local laws in question are created through a broad participatory process that gives them legitimacy. It depends on whether the content objected to is an expression of a fundamental human right, such as a sincerely held belief. More cynically, it depends on whether the company in question has business interests there, chasing a growing user base. (For Google in China, this complex calculation turned against collaboration when it became obvious speech was becoming less free, not more, despite its presence.)
Today’s announcement is a bid by Twitter to ensure that excessive censorship in one jurisdiction does not bleed over into other jurisdictions. In tandem with Google, this approach amounts to a new balance of power between national jurisdictions and the web’s native interest communities. We cannot assume it is a stable equilibrium, however. One risk is that the offer of country-level content blockage is not enough for a censorious regime. It may demand that content be removed globally, else face local legal jeopardy. This is not far-fetched — demands for the removal of military “secrets” from Google Earth make no sense if they can still be seen by everyone except those within a jurisdiction. (So far, with one exception, Google has resisted such requests. China certainly tried.) It is also illegal for Google to post any information about China’s censorship requests globally, as explained in its transparency report:
Another risk is that the outsourcing of censored tweets to chillingeffects.org is only a temporary solution in a long jurisdictional arms race. Censored tweets are currently listed on chillingeffects.org/twitter, where the offending tweet can be read in full, with link and all, thus:
Since Twitter promises to alert us anytime a tweet is blocked, the Streisand effect will likely ensure wide exposure for all content that ends up there. But SOPA and PIPA were phrased to criminalize precisely this kind of “enabling” of piracy by linking, with an added extra-jurisdictional twist: Companies with a US presence would not only be enjoined from directly linking to illegal content, they would also be enjoined from doing business with non-US companies linking to it. I fear non-US legal codes will innovate to mirror this extra-judicial demand, not just for copyrighted material but for all content deemed not in the national interest. China already does (see Google’s transparency report, above).
Finally, one interesting issue I’ve not seen explained by Twitter: The mechanics of this censorship. It sounds as if there will be a block list of links for each country. I assume that once a country demands a link be put on the list, all tweets containing that link will not be shown to Twitter users in that country. But what about tweets that do not contain a link but which merely contain speech objectionable to censors? Will there be a continuously updated list of blocked terms, as is done with Chinese microblogging tools? Or will each individual offending tweet need to be flagged by censors? If it’s the latter, then there is little worry, as the half-life of a tweet is far shorter than a censor’s reaction time. But that is why China sets its own far more onerous rules for those who want to play there.
What if a country with a conservative culture or oppressive regime does demand a list of blocked terms, ostensibly to prevent obscene or defamatory speech? I suspect (and hope) Twitter decides such countries “differ so much from our ideas that we will not be able to exist there.” Twitter could then serve a full uncensored feed to users in, say, Saudi Arabia or UAE or Pakistan; the onus would be on these countries to decide if they want to invest in unilateral blocking technology of the kind China uses for its Great Firewall. That is indeed the route Iran and Vietnam have taken, and which others may yet take as Internet censorship technology gets cheaper and easier to deploy. When that kind of Internet has broadly arrived, we’ll be in the next phase in the Internet censorship arms race.
In the European Union it is in the main legal to take photographs from public spaces and then publish them, even if they include identifiable people — and people do so every day in the millions to sites like Flickr, Facebook, Twitter, or to their own blogs. This precedence of the right to free expression over the right to privacy in the public space is a long-standing legal norm, and it has made possible some of the past century’s best photography — street photography, pioneered by the likes of Henri Cartier-Bresson and Robert Frank, who obsessively recorded the everyday gestures and habits of urban life, away from the headlines of the day.
In Slovenia, however, the past few months has seen a bizarre new legal constraint emerge: Should you take photographs in a public space in Slovenia that are social documents but not newsworthy (for example of a street merchant, or a moped driver) and opt to transform them into a 360-degree panorama format before publishing them, you are now obliged to first remove all recognizable faces, or face fines. Furthermore, this decree is applied retroactively, to all panoramas ever taken in Slovenia.
What happened? The Slovenian information commissioner has decreed that 360-degree immersive panoramas by their very nature cannot have the same purpose as conventional photographs, but also that the balance of rights between free expression and privacy depends on a photograph’s purpose — in this case, as expressed by the photographer’s choice of technical format.
The upshot is that if the following panorama had been taken in Slovenia, all faces would need to be removed before it can legally be published online, because it does not indisputably record a newsworthy “event” such as a concert, protest march or accident, even though it is clearly an example of street photography:
A conventional photograph in the genre of street photography, however, would have no such constraints, even if it is more invasive of individual privacy in the pursuit of free expression:
Chinese-Arab cultural exchange in Alexandria, Egypt
What is currently unclear, however, is if conventional photography taken in Slovenia that does not pass muster as street photography — with an architectural object as its subject, or a snapshot of friends with strangers in the background — requires the anonymization of people in the image:
So how did an arbitrary technical distinction come to decide whether an uncensored photograph is legal or illegal in Slovenia? The following is a cautionary tale of what happens when non-technical regulators meet a new-to-them technological innovation they are ill-equipped to judge. It is also a case study of how Google, by voluntarily implementing facial blurring in its relatively new but hugely popular Street View automated 360-degree panoramas, created norms in the minds of regulators that they are now eager to set in stone legally. By focusing on the technical details distinguishing Street View from more conventional photography formats, these regulators have managed to condemn an entire emerging field of photography to burdensome and invasive censorship requirements that are impossible to scale without Google-sized automation resources.
(This is perhaps a good place to mention that there is currently no Google Street View in Slovenia, and there likely won’t be for some time. That’s because Slovenia said it would require Google to keep the raw Street View images in Slovenia until they were blurred — no unblurred images were allowed to leave the country. Because the blurring makes use of Google’s servers, none of which are in Slovenia, Google respectfully declined to add Slovenia to its Street View program.)
Slovenia’s unfortunate regulatory turn came to a head because Slovenia happens to be home to Boštjan Burger, one of the pioneers of immersive photography. For almost two decades, Burger has been recognized inside Slovenia (and abroad) as an important cultural geographer, collaborating with museums and schools to create immersive exhibitions and courseware using his panoramas. Years before Google Street View, he was creating panoramas of everyday street scenes in Slovenia; in these scenes, he didn’t blur faces — his intention was to be a social documentarian, where these individuals are part of the story. He hosted this “open-air museum” on his personal website.
In July 2011, out of the blue, he was placed under investigation by Slovenia’s information commissioner. The (anonymous) complaint: He was making personally identifiable information available in his panoramas, because he hadn’t blurred faces. Never mind that his 11,000 panoramas had been published on his website for years without issue; pending the result of the investigation, Burger was told his panoramas were “most probably illegal” without facial blurring, and so he opted to take many of them offline.
In September 2011, the office of the information commissioner released a legal opinion which stated that conventional street photography engaged in social documentation did not need to have faces removed under Slovenian law, but that panoramas such as Google Street View did, because Street View’s purpose is as tool for getting a sense of the architecture of a place or for finding a location, not social documentation. When the purpose of a photograph is not social documentation, an individual’s right to privacy gains precedence.
This prompted more questions: Who decides what the purpose of a photograph is? Who decides what passes for social documentation? How can a photograph’s format determine its purpose? Burger asked these questions.
In October 2011, in response to Burger’s requests for clarification, the information commissioner released a directive (not online) which explained what kinds of panoramic photography can legally be published in Slovenia with faces unblurred. The directive decided there were just three different kinds of panoramas:
Panoramas without identifiable people in them — these are not in contention.
Panoramas of events such as concerts, protest marches, accidents — in these cases, the photographs have some news value, and so faces need not be blurred, for example if published on a news site.
Photography of public spaces without newsworthy events, where the purpose is to show the architecture or scenery of a specific place — this kind is meant to contain Street View-type panoramas, and here people’s faces must be anonymized. The commissioner decided that a portion of Burger’s panoramas are of this kind. (There is no fourth kind, for social documentation in non-event situations, which is what street photographers most often pursue.) In addition, Burger may not send the original unblurred versions to others in Slovenia or abroad. He faces fines of up to 5,500 euros if he does not comply.
Burger told me that in face-to-face meetings at the commissioner’s office, he was told that this test of newsworthiness, although applied just to panoramic photography in the directive, was in fact valid for conventional photography as well. He then decided to comply with the directive for the long term, either by keeping his panoramas offline or by creatively masking faces on published panoramas so that individuals were not recognizable.
When news of Burger’s meeting spread through the Slovenian photographers’ community, it was immediately pointed out that this test of newsworthiness directly contradicted the legal opinion from Sept 2011, which had specifically upheld the legality of publishing street photography with faces unblurred. So Burger asked for a further clarification: He was told in yet another meeting that the September 2011 opinion defending street photography was only meant for “master photographers” and artists, pursuing creative work. Of course they would not need to blur images if they were exhibiting their work in a gallery or book, for example. In any case, there would be a further statement, he was told.
In it, the commissioner first references Wikipedia to define street photography and then apparently concludes that while this kind of photography has broad legal protection, the test for what constitutes street photography is also rather precise: (Translated via Google Translate, edited for clarity)
In the opinion of the commissioner, street photography is a photograph of the individual in special circumstances, situations, interactions with living and inanimate nature, or with other individuals. The point [of the photograph] is therefore an individual — a representation of an individual as an integral part of society. It is not so important where exactly a person is depicted. The focus is on an individual’s social position and the consequences resulting therefrom, and his/her interaction with other individuals and the environment, and expressed feelings. The location where the photo was taken is of secondary importance.
It is important to note here is that the commissioner is referring to photography in general. There is apparently a class of photographs — those which are neither street photographs nor news photographs — that do not deserve the same legal protection, for example because their purpose is depicting architecture or perhaps because they fail to be sufficiently artistic. In this class of photographs, whether they be flat or panoramic, the right to privacy of the individuals in them would appear to trump the right to free expression by the photographer. This amounts to an opinion with far wider consequences than the original judgment against 360-degree panoramas.
She also argues that 360-degree panoramas in particular — “spatial photography” in her parlance — cannot fall under the street photography rubric because in panoramas location is important, by her reckoning.
A key element of street photography is that the picture depicts an individual. If you show exactly where a photo was taken, the individual is possibly one element in the interpretation of images, but not its essential part. A photo where the presentation of a location is more important than the presentation of the individual as a rule does not fall within the definition of street photography.
We are also told that it is the photographer who is responsible for determining whether a photograph qualifies as street photography and thus can escape the removal of faces:
Clearly, whether a photo is street photography or not should be determined on a case by case basis. This is the primary task of the photographers themselves […] and of course the editors and curators.
The photographer does not escape liability however, should he/she make this determination incorrectly:
Liability for the lawful processing of individual images as street photography is with the photographer. […] Otherwise, there may be an inadmissible interference with personal rights, and this will be protected before the competent courts.
Finally, we are told why specifically all non-newsworthy panoramas must have faces removed. It is because panoramas make it clear where and when they were taken that individuals who find themselves in them must have greater privacy protection:
The essence of space photography (when not a depiction of an event) is a pictorial depiction of the environment surrounding the camera. The location of the photo is thus an intrinsic part of the spatial image. Also, because of the special technique used to produce spatial photographs, individuals cannot be the central motif — the finished product can even be disturbed by them. […] According to the commissioner, an individual whose recognizable image becomes an integral part of spatial images does not only enjoy the protection of personal rights, but also enjoys personal data protection. Spatial photography not only reveals his/her identity, but also reveals his/her personal data, for example a very precise location and possibly also a time when he/she was at this location. [… Before publishing a spatial image, a photographer needs to] obtain the individual’s prior consent, or in the absence of this consent, make the individual unrecognizable.
The argument that only panoramas can expose an individuals’ personal data is quite odd: Any photograph taken in front of a landmark automatically does the same for location. All digital photos contain EXIF timestamps that photo publishing sites automatically share. Mobile phone camera applications automatically add GPS-derived location- and time stamps when uploading to Twitter, Facebook or FourSquare. Will these kinds of photographs now also require the removal of faces? And besides, can street photography not also come with location and time data attached?
What next? Burger tells me that there will likely be a legal challenge to the decree, so that it will face a number of tests in progressively higher courts of law — and with any luck, in the European arena, which is usually good about slapping down ill-considered constraints on free expression. And on November 24, the Slovenian Association of Photographers and Journalists will tackle the issue in a public debate that is slated to feature both Burger and the information commissioner.
2011/12/2 Update: After the debate, the commissioner has now come out with a definitive decision. Burger writes (paraphrased somewhat):
The information commissioner of Slovenia has declared that 360-degree panoramas contain personal data. As a database it is under her jurisdiction. Such photography may not be published online unless faces are blurred.
Published 360-degree panoramas with unblurred faces are legal only if the publisher has a written permit of all the people in the panorama. The source images from which the panorama was stitched need to be unrecoverably deleted, e.g. destroyed.
What about other images published online? That is not data collection, but it doesn’t mean that the publisher is without responsibility. To be “safe”, the publisher (photographer, videographer) needs to get (ex-post) the permission of every individual documented in the image.
The decree is valid for all images taken on the territory of Republic of Slovenia and is retroactive (with no time limit in the past).
Notes on the global politics of digital networks — how the rise of the Internet affects the distribution of power between citizens, corporations and states. By Stefan Geens in Stockholm.