Category Archives: Privacy

Did Sweden just sign up to principled Internet surveillance?

This article was first published on The Local.

This week in Seoul, while speaking at a ministerial-level conference on Internet governance issues, Sweden’s foreign minister Carl Bildt did a remarkable thing.

SeoulCyber2013 is the first high-level meeting on Internet governance since the summer, when Edward Snowden began revealing the extremes to which the US and other countries will go to surveil internet use, with scant regard for user privacy. Post-Snowden, these conferences can no longer ignore the fact that among the biggest threats to a thriving Internet are states’ own policies and actions, including those made by democracies in the absence of transparency and public oversight.

What the limits should be of state action in cyberspace is far from settled. At the Stockholm Internet Forum in May 2013, a coalition of civil society organizations first mooted a set of legal principles that would constrain state cyber-surveillance activities. In their view, to the extent that surveillance is necessary to protect the interests of a state’s citizens, it should be conducted in accordance with human rights law, protecting privacy and freedom of expression.

These principles, now 13 in number and listed on the Necessary & Proportionate campaign site, make for a remarkable document, because by signing it, the 280 sponsoring NGOs are explicitly conceding that surveillance can be a legitimate state activity, in certain cases trumping an individual’s right to privacy. Although the influential Electronic Frontier Foundation signed it, some of its activist members felt this conciliatory act was hard to swallow.

At first, the 13 principles did not seem to gain much traction with states. In Sweden, some members of the Internet policy establishment were privately dismissive of such initiatives — Sweden, they argued, had already had a vigorous and contentious parliamentary debate about surveillance which had resulted in the FRA (signals intelligence) law. Re-opening that particular can of worms just to adhere to a wish list of best practices was not a viable or desirable option. But this was a sentiment from the pre-Snowden era.

In September, the principles were submitted by NGOs to the United Nations Human Rights Council in Geneva, where they got a favorable hearing by UN human rights experts, including the Special Rapporteur Frank La Rue.

And now for that remarkable thing in Seoul. Bildt, near the end of his speech, proposed a set of principles to constrain state surveillance that mirrors most of the core principles enumerated by the NGOs. He called on state surveillance activities to abide by the legal principles of legality, legitimate aim, necessity and adequacy, proportionality, judicial authority, transparency and public oversight. (Do read the texts for a precise definition of each of these terms.)

Suddenly, Sweden is heading for common ground with NGOs in balancing the prerogatives of digital statecraft with the human rights of Internet users. The overlap is not complete — Bildt’s speech skips a number of additional principles proposed in the NGO document — but there is no doubt that this step amounts to tangible progress in getting these principles promoted to norms that states can aspire to, with Sweden being the first country (that I am aware of) to openly articulate this ambition.

Of course, the devil is in the details, and questions remain: Are there policy implications for the Swedish government in embracing these principles, or will the government maintain that Swedish law already conforms to all these norms? One example: The principle of transparency calls on states to, in Bildt’s words, “provide information on how the surveillance legislation works in practice.” The FRA law as it stands today only compels the signals intelligence agency to report back to the “relevant authorities”; the Swedish public most certainly does not get access to how it works “in practice”, not even to aggregate information on how often requests are made, or broadly to what end. Still, thinking creatively, it’s worth noting that there is nothing in the FRA law that prohibits the government from sharing aggregated information with the public.

Meanwhile, are the “missing” principles missing because they directly contradict current Swedish law? For example, is the principle of ensuring the integrity, security and privacy of communications systems, which would prohibit states from forcing Internet service providers to preemptively retain customers’ metadata, “missing” from Bildt’s list because it contravenes Sweden’s data retention law, passed in 2012 to put the country in line with European directives?

And amid press reports of Sweden frequently sharing intelligence with the NSA, will there be policy adjustments towards countries that do not share Sweden’s principles for ethical surveillance practices? In the same vein, it would be hypocritical of Sweden to uphold these principles if the FRA gets to circumvent them merely by outsourcing all ethically questionable intelligence gathering to a less scrupulous foreign ally.

Where do we go from here? By next year’s Stockholm Internet Forum, why not present the results of an independent audit assessing Sweden’s practical compliance with these principles? Let’s say Sweden scores a 6 out of 13. That would be enough to propel the country into first place in a one-country league table of all countries submitting themselves to such public scrutiny, and it would begin a process that the rest of the world can join to build a freer, more secure Internet for all.

Internet freedom in Sweden — a primer

Sweden ramps up a major foreign policy initiative this week when it hosts the inaugural Stockholm Internet Forum, bringing together 300 technologists, activists and scholars from around the world to brainstorm “Internet freedom for global development”. By linking net freedom to social development, Sweden becomes one of a handful of countries for which defending the rights of Internet users beyond its borders is now an explicit foreign policy goal.

Underlying this policy of promoting Internet freedom abroad lies the assumption that there is Internet freedom within. So just how free are people emailing in Umeå, linking in Linköping or downloading in Dalarna? From a policy perspective, is the set of laws regulating Internet use inside Sweden worth emulating abroad?

To answer these questions, it helps to look at six facets of Internet freedom that have come to loom large as ever-greater parts of our lives are lived online: Connectivity, transparency, censorship, surveillance, privacy and copyright. How does Sweden fare in each of these areas?

Connectivity
Sweden is one of the world’s best-connected countries, with around 90% of households having access to the Internet. It was also one of the earliest countries to see a majority of its population online — by 2001 — in part because regulations promoting competition ensured shared access to Internet infrastructure, keeping prices far below the European average.

On the other hand, network operators are free to prioritize the different types of data they deliver to subscribers; there is no legal requirement to be “network neutral”, though most are, given the competitive landscape. Overall, argues Patrik Fältström, head of research at the Swedish Internet infrastructure organization Netnod, the result has been positive: “The access you get when you buy simple broadband access is more open than most other places on the planet,” he says.

Transparency
One response to having so many Swedes online so quickly was to move government services there. In Sweden it has long been possible to file taxes online. Since 2003, Sweden has had an e-government task force dedicated to delivering all government services — municipal, county and national — online. By 2008, it topped the UN’s global e-government readiness rankings.

Providing e-services is one thing; compelling government agencies to make their public datasets available online in free and open formats has proven far harder, despite a long tradition of making (analog) documents public. In part, this is due to vague directives that have let reluctant bureaucracies drag their feet.

Sweden thus lags behind “open government” leaders, notably the US and UK, and is alone among Scandinavian countries in not having a national open data portal. There are individual successes, such as the open data portal by Sweden’s international aid agency SIDA. Overall, still only one third of Swedish public data sources are available online in an open and free format.

Censorship
In Sweden there is no law that compels Internet service providers (ISPs) to block access to sites. ISPs voluntarily collaborate with police to block a centralized list of sites trafficking in child sexual abuse.

And yet such a system is not ideal, argues Marcin de Kaminski, an Internet researcher at the department of Sociology of Law at Lund University. That’s because there is no transparency in how the blacklist is maintained. “There is no way to legally appeal a list entry, for instance,” he says, “and there is no third-party control of what is actually blocked.”

The risk, then, is that an unregulated block list could end up being used as a political tool — perhaps not in Sweden, where trust in the police is high and there is widespread disdain for censorship — but in other countries looking to adopt the Swedish model of Internet regulation. “Even though the Swedish blocklist has these flaws,” says de Kaminski, “it is used as a role model in the European discussion about block lists.”

Surveillance
In 2008 Sweden’s parliament narrowly passed a law that lets its signals intelligence agency (FRA) monitor the content of all cross-border cable-based Internet traffic to combat “external threats” such as terrorism and organized crime — but only after obtaining court permission on a case-by-case basis, and upon the explicit request of government or defense agencies. In 2012 parliament broadly passed the “Data Retention Directive” (DLD) which compels ISPs to store the who, where, and when (but not the what) of online communication within Sweden for six months, in case law enforcement agencies come calling for their investigations with a court order.

The FRA law has proven controversial in Sweden; the DLD law not so much. One reason is that they both exist within a European context, where EU directives guide how national legislatures are meant to implement laws. While the DLD law implements a minimal version of the European Data Retention Directive of 2006, the FRA law goes beyond the directive’s scope by allowing the surveillance of content.

Privacy
Sweden’s Data Inspection Board has long worked to ensure that personal information stays protected when handled by government agencies, businesses and people. The Internet has greatly transformed its role, which now includes combating cyberbullying and regulating use of cloud-based data storage. One complicating factor is that many of the services people use to share personal data — Facebook, Google — lie outside Sweden’s jurisdiction. Another is the natural tension between the right to privacy and the right to free expression and a free press, with that balance scrambled by the rise of blogs and semi-private publishing on social media platforms.

Copyright
File sharing is popular in Sweden, especially among youth, even though much of it is illegal under Swedish copyright law. In an effort to enforce copyright protection online, parliament in 2009 broadly passed a law implementing the EU directive on intellectual property rights enforcement (IPRED). The law allows criminal prosecution and jail terms for heavy illegal file sharers, and compels ISPs to identify suspected offenders upon request by a court of law.

Unlike France, Sweden’s implementation of IPRED does not cut off Internet access for repeat offenders. Swedish courts have also ruled that the right to privacy of suspected occasional file sharers trumps the interests of copyright holders, curtailing IPRED’s scope to more serious cases. Sweden’s IPRED law is currently being challenged in the European Court of Justice for violating European personal integrity laws.

A more encompassing international treaty, the Anti-Counterfeiting Trade Agreement (ACTA), has been signed by EU member states but has not yet been ratified.

Both IPRED and ACTA are proving controversial, especially with Swedish youth. Sweden’s Pirate Party parlayed this popular discontent into its first ever European Parliament seats in 2009. Criticism comes in several flavors: Pirate Party supporters want to overhaul the very notion of copyright, so that the online remix culture and other non-commercial uses of creative content are exempt from regulation. Says Rick Falkvinge, founder of the Pirate Party: “The civil liberties that our parents enjoyed offline must carry over into the online world.”

Others worry that the enforcement laws being implemented have their priorities wrong, or are too intrusive. Argues de Kaminski: “What we need to do is establish rights and principles of freedom concerning the Internet — so that we have a free, open and secure base to begin with. Then we can start to discuss the necessary exceptions.”

Conclusion
When it comes to assessing the FRA, DLD and IPRED laws, the block list and privacy protections, it is worth remembering that they operate within a specific Swedish context. Replicating these laws may not produce the same results in places that do not also have Sweden’s negligible corruption, high levels of trust in public institutions, and a culture of free expression — non-legislated norms. Internet Freedom in Sweden is determined by more than the sum of its legislative parts.

An edited version of this article is available on Sweden.se, for which it was commissioned.

In Slovenia, panoramic photography comes under regulatory attack

In the European Union it is in the main legal to take photographs from public spaces and then publish them, even if they include identifiable people — and people do so every day in the millions to sites like Flickr, Facebook, Twitter, or to their own blogs. This precedence of the right to free expression over the right to privacy in the public space is a long-standing legal norm, and it has made possible some of the past century’s best photography — street photography, pioneered by the likes of Henri Cartier-Bresson and Robert Frank, who obsessively recorded the everyday gestures and habits of urban life, away from the headlines of the day.

In Slovenia, however, the past few months have seen a bizarre new legal constraint emerge: Should you take photographs in a public space in Slovenia that are social documents but not newsworthy (for example of a street merchant, or a moped driver) and opt to transform them into a 360-degree panorama format before publishing them, you are now obliged to first remove all recognizable faces, or face fines. Furthermore, this decree is applied retroactively, to all panoramas ever taken in Slovenia.

What happened? The Slovenian information commissioner has decreed that 360-degree immersive panoramas by their very nature cannot have the same purpose as conventional photographs, but also that the balance of rights between free expression and privacy depends on a photograph’s purpose — in this case, as expressed by the photographer’s choice of technical format.

The upshot is that if the following panorama had been taken in Slovenia, all faces would need to be removed before it can legally be published online, because it does not indisputably record a newsworthy “event” such as a concert, protest march or accident, even though it is clearly an example of street photography:


Tin suq, Sana’a, Yemen

A conventional photograph in the genre of street photography, however, would have no such constraints, even if it is more invasive of individual privacy in the pursuit of free expression:


Chinese-Arab cultural exchange in Alexandria, Egypt

What is currently unclear, however, is if conventional photography taken in Slovenia that does not pass muster as street photography — with an architectural object as its subject, or a snapshot of friends with strangers in the background — requires the anonymization of people in the image:


Building with Verandas, Kashgar, China

(So that we’re all on the same page: 360-degree panoramas are made by taking several wide-angle photographs from the exact same spot and then using computer software to stitch them together so that they seamlessly portray the view in all directions. The resulting image can be displayed as an interactive experience on a computer screen, an equirectangular flat image format or as an image in any number of different projections. There are edge cases too: A conventional-looking flat photograph may be stitched together from several component images, such as this one (6 images) or this one (5 images). There are panorama cameras that take ultra wide-angle conventional photographs, while smartphone applications let consumers sweep their phone camera to make panoramas, up to and including 360-degree panoramas.)

So how did an arbitrary technical distinction come to decide whether an uncensored photograph is legal or illegal in Slovenia? The following is a cautionary tale of what happens when non-technical regulators meet a new-to-them technological innovation they are ill-equipped to judge. It is also a case study of how Google, by voluntarily implementing facial blurring in its relatively new but hugely popular Street View automated 360-degree panoramas, created norms in the minds of regulators that they are now eager to set in stone legally. By focusing on the technical details distinguishing Street View from more conventional photography formats, these regulators have managed to condemn an entire emerging field of photography to burdensome and invasive censorship requirements that are impossible to scale without Google-sized automation resources.

(This is perhaps a good place to mention that there is currently no Google Street View in Slovenia, and there likely won’t be for some time. That’s because Slovenia said it would require Google to keep the raw Street View images in Slovenia until they were blurred — no unblurred images were allowed to leave the country. Because the blurring makes use of Google’s servers, none of which are in Slovenia, Google respectfully declined to add Slovenia to its Street View program.)

Slovenia’s unfortunate regulatory turn came to a head because Slovenia happens to be home to Boštjan Burger, one of the pioneers of immersive photography. For almost two decades, Burger has been recognized inside Slovenia (and abroad) as an important cultural geographer, collaborating with museums and schools to create immersive exhibitions and courseware using his panoramas. Years before Google Street View, he was creating panoramas of everyday street scenes in Slovenia; in these scenes, he didn’t blur faces — his intention was to be a social documentarian, where these individuals are part of the story. He hosted this “open-air museum” on his personal website.

In July 2011, out of the blue, he was placed under investigation by Slovenia’s information commissioner. The (anonymous) complaint: He was making personally identifiable information available in his panoramas, because he hadn’t blurred faces. Never mind that his 11,000 panoramas had been published on his website for years without issue; pending the result of the investigation, Burger was told his panoramas were “most probably illegal” without facial blurring, and so he opted to take many of them offline.

In September 2011, the office of the information commissioner released a legal opinion which stated that conventional street photography engaged in social documentation did not need to have faces removed under Slovenian law, but that panoramas such as Google Street View did, because Street View’s purpose is as a tool for getting a sense of the architecture of a place or for finding a location, not social documentation. When the purpose of a photograph is not social documentation, an individual’s right to privacy gains precedence.

This prompted more questions: Who decides what the purpose of a photograph is? Who decides what passes for social documentation? How can a photograph’s format determine its purpose? Burger asked these questions.

In October 2011, in response to Burger’s requests for clarification, the information commissioner released a directive (not online) which explained what kinds of panoramic photography can legally be published in Slovenia with faces unblurred. The directive decided there were just three different kinds of panoramas:

  1. Panoramas without identifiable people in them — these are not in contention.
  2. Panoramas of events such as concerts, protest marches, accidents — in these cases, the photographs have some news value, and so faces need not be blurred, for example if published on a news site.
  3. Photography of public spaces without newsworthy events, where the purpose is to show the architecture or scenery of a specific place — this kind is meant to contain Street View-type panoramas, and here people’s faces must be anonymized. The commissioner decided that a portion of Burger’s panoramas are of this kind. (There is no fourth kind, for social documentation in non-event situations, which is what street photographers most often pursue.)

In addition, Burger may not send the original unblurred versions to others in Slovenia or abroad. He faces fines of up to 5,500 euros if he does not comply.

Burger told me that in face-to-face meetings at the commissioner’s office, he was told that this test of newsworthiness, although applied just to panoramic photography in the directive, was in fact valid for conventional photography as well. He then decided to comply with the directive for the long term, either by keeping his panoramas offline or by creatively masking faces on published panoramas so that individuals were not recognizable.

When news of Burger’s meeting spread through the Slovenian photographers’ community, it was immediately pointed out that this test of newsworthiness directly contradicted the legal opinion from Sept 2011, which had specifically upheld the legality of publishing street photography with faces unblurred. So Burger asked for a further clarification: He was told in yet another meeting that the September 2011 opinion defending street photography was only meant for “master photographers” and artists, pursuing creative work. Of course they would not need to blur images if they were exhibiting their work in a gallery or book, for example. In any case, there would be a further statement, he was told.

That statement arrived today.

In it, the commissioner first references Wikipedia to define street photography and then apparently concludes that while this kind of photography has broad legal protection, the test for what constitutes street photography is also rather precise: (Translated via Google Translate, edited for clarity)

In the opinion of the commissioner, street photography is a photograph of the individual in special circumstances, situations, interactions with living and inanimate nature, or with other individuals. The point [of the photograph] is therefore an individual — a representation of an individual as an integral part of society. It is not so important where exactly a person is depicted. The focus is on an individual’s social position and the consequences resulting therefrom, and his/her interaction with other individuals and the environment, and expressed feelings. The location where the photo was taken is of secondary importance.

It is important to note here that the commissioner is referring to photography in general. There is apparently a class of photographs — those which are neither street photographs nor news photographs — that do not deserve the same legal protection, for example because their purpose is depicting architecture or perhaps because they fail to be sufficiently artistic. In this class of photographs, whether they be flat or panoramic, the right to privacy of the individuals in them would appear to trump the right to free expression by the photographer. This amounts to an opinion with far wider consequences than the original judgment against 360-degree panoramas.

She also argues that 360-degree panoramas in particular — “spatial photography” in her parlance — cannot fall under the street photography rubric because in panoramas location is important, by her reckoning.

A key element of street photography is that the picture depicts an individual. If you show exactly where a photo was taken, the individual is possibly one element in the interpretation of images, but not its essential part. A photo where the presentation of a location is more important than the presentation of the individual as a rule does not fall within the definition of street photography.

We are also told that it is the photographer who is responsible for determining whether a photograph qualifies as street photography and thus can escape the removal of faces:

Clearly, whether a photo is street photography or not should be determined on a case by case basis. This is the primary task of the photographers themselves [...] and of course the editors and curators.

The photographer does not escape liability however, should he/she make this determination incorrectly:

Liability for the lawful processing of individual images as street photography is with the photographer. [...] Otherwise, there may be an inadmissible interference with personal rights, and this will be protected before the competent courts.

Finally, we are told why specifically all non-newsworthy panoramas must have faces removed. It is because panoramas make it clear where and when they were taken that individuals who find themselves in them must have greater privacy protection:

The essence of space photography (when not a depiction of an event) is a pictorial depiction of the environment surrounding the camera. The location of the photo is thus an intrinsic part of the spatial image. Also, because of the special technique used to produce spatial photographs, individuals cannot be the central motif — the finished product can even be disturbed by them. [...] According to the commissioner, an individual whose recognizable image becomes an integral part of spatial images does not only enjoy the protection of personal rights, but also enjoys personal data protection. Spatial photography not only reveals his/her identity, but also reveals his/her personal data, for example a very precise location and possibly also a time when he/she was at this location. [... Before publishing a spatial image, a photographer needs to] obtain the individual’s prior consent, or in the absence of this consent, make the individual unrecognizable.

The argument that only panoramas can expose an individual’s personal data is quite odd: Any photograph taken in front of a landmark automatically does the same for location. All digital photos contain EXIF timestamps that photo publishing sites automatically share. Mobile phone camera applications automatically add GPS-derived location and time stamps when uploading to Twitter, Facebook or FourSquare. Will these kinds of photographs now also require the removal of faces? And besides, can street photography not also come with location and time data attached?

What next? Burger tells me that there will likely be a legal challenge to the decree, so that it will face a number of tests in progressively higher courts of law — and with any luck, in the European arena, which is usually good about slapping down ill-considered constraints on free expression. And on November 24, the Slovenian Association of Photographers and Journalists will tackle the issue in a public debate that is slated to feature both Burger and the information commissioner.

2011/12/2 Update: After the debate, the commissioner has now come out with a definitive decision. Burger writes (paraphrased somewhat):

The information commissioner of Slovenia has declared that 360-degree panoramas contain personal data. As a database it is under her jurisdiction. Such photography may not be published online unless faces are blurred.

Published 360-degree panoramas with unblurred faces are legal only if the publisher has a written permit of all the people in the panorama. The source images from which the panorama was stitched need to be unrecoverably deleted, e.g. destroyed.

What about other images published online? That is not data collection, but it doesn’t mean that the publisher is without responsibility. To be “safe”, the publisher (photographer, videographer) needs to get (ex-post) the permission of every individual documented in the image.

The decree is valid for all images taken on the territory of Republic of Slovenia and is retroactive (with no time limit in the past).