[open-government] Openness and Privacy

Josh Tauberer tauberer at govtrack.us
Fri Jun 12 12:53:39 UTC 2015 

On 06/12/2015 08:03 AM, Javier Ruiz wrote:
> open data ideology

This is the part that keeps surprising me about these debates. Somewhere 
along the way, what began as a very practical movement to solve 
immediate problems of access to information became.... an ideology. I am 
either confused or afraid when I read, to quote Martin in his article:

> Open data advocates often suggest that openness should be the default 
> for all human knowledge.

Is that statement factually true? Do open data advocates actually say 
that about */all/* human knowledge? Has it always been that way? I don't 
know. But it doesn't describe the movement I thought I was in (and, I 
thought, helped start).

When I get up in the morning, I think about how I can help people with 
less power over government get more power. I don't care about human 
knowledge per se. I care about what knowledge people need to have power 
over their world around them. The idea that I am in a movement that 
could be described as "lead[ing] to an Orwellian world" is shocking. 
Either I'm in the wrong movement or the movement has a massive public 
relations problem.

Martin's point that open data and privacy are the same is maybe a bit 
exaggerated, but it's insightful: They are very /*different 
*//*techniques*/ to addressing what can be */very similar/**/underlying 
problems/* (of, for example, inequitable distribution of power). Open 
data goes off the rails when it is (or is perceived to be) a solution to 
be applied regardless of the existence of problems.

I thought I was in a movement about underlying problems, but now I don't 
know anymore.

- Josh Tauberer (@JoshData)

http://razor.occams.info

On 06/12/2015 08:03 AM, Javier Ruiz wrote:
> Dear all
>
> I had replied to Martin Tisné’s original post in another list, but 
> I’ll paste it here below for completeness as Chris Taggart was 
> referring to that email in the thread.
>
> On the discussion here:
>
> Marc Rotenberg has put it quite clearly: privacy is abused by the 
> powerful like any other right, including the right to property. But 
> that’s how power works. Funny that these arguments have typically been 
> made by communists criticising liberal democracies, and now that 
> leftists finally embrace human rights we go back to square one! Lets 
> set the record straight: privacy laws in most places allow for 
> information to hold people accountable to be made public while setting 
> some limits. Do we really want to be able to track the postman via a 
> GPS anklet? Privacy is not a blunt instrument, e.g. as it been 
> explained elsewhere it allows for the taxes of everyone in Norway to 
> be accessible online. Public registers everywhere make public personal 
> information in exchange for social recognition (educational 
> achievement, property, good citizenship, etc.).
>
> But I think the main issue here is not the privacy vs accountability 
> debate, which can be solved with goodwill, but the drive to use data 
> (big data, data science, machine learning, etc.) in everything: from 
> running transport systems by tracking users, to curing cancer by 
> analysing detailed medical histories. Today a massive UK summer 
> festival (Download) announced they will be the first using RFID 
> armbands that will track everyone at checkpoints throughout the venue, 
> and process all payments in a cashless system. Couple this with the 
> well known problems with the standard privacy solutions of 
> anonymisation or consent.
>
> It is the interaction of open data ideology with this new world that I 
> find concerning; and it is a simple corollary that all the above 
> examples would benefit from being open in terms of efficiency. Firstly 
> because the lack of proper considerations of privacy in the first wave 
> of open data (when it was mainly driven by genuine activists) has 
> pushed the debate really far, and only now we are catching up. Many 
> later arrivals have found the rhetoric of open data great to support 
> other agendas.
>
> Open data has played a truly trojan horse role, for example in the 
> case of care.data in the UK (as Phil Booth from MedConfidential has 
> also explained elsewhere), which has become a shorthand for the wider 
> debate about the future of the National Health Service. In this 
> context information about people is there to be exploited and 
> eventually captured and added to the valuation for the IPO, an “asset 
> class”. People rebel against what they perceive as an expropriation of 
> their data, even when legally speaking they’ve probably lost all 
> rights by then. Hundreds of thousands in the UK have engaged in 
> campaigns against sharing health and tax data with private companies.
>
> But is not just the abuse of open data. There are some intrinsic 
> problems in the slightly black and white approach of open data 
> discourse, the obsession with fixed sets of principles or rankings in 
> a very data-centric manner that does not take into account the context 
> and people affected, or even the reasons for opening, which is seen as 
> a goal in itself.
>
> We need a more nuanced approach. In Ottawa I proposed that each data 
> release involving personal information should have to justify why each 
> principle (completeness, timeliness, machine readability, etc.) will 
> not cause privacy harms, even if legally you are allowed to do it. 
> This is just about the fairness, and in addition to having a 
> legitimate purpose and a case with demonstrable benefits to open the 
> data in the first place. One example of this is the recent changes to 
> Norway’s tax register, which since 2014 requires registration to deter 
> frivolous access.
>
> Finally, and to clarify Phil’s comments, sorry if it wasn’t clear, I 
> did not propose to pick and choose privacy principles, just to check 
> them to understand what exactly you want to achieve in terms of 
> privacy, and what room for manoeuvre you have (e.g. sensitive data). 
> Generally we have to balance the rights to privacy and freedom of 
> expression and information, and this is the right frame for the cases 
> that Helen and Chris have to deal with. But in the specific context of 
> open data, I think this balance is operationalised in ensuring that 
> data releases respect privacy at the cost of complying with the open 
> data principles.
>
> Best, Javier
>
> ----
>
> Hi Martin
>
> I completely agree with the main point of involving privacy people and 
> making the debate more nuanced and breaking down the elements of 
> privacy control and openness to find the best compromise.
>
> What you are describing in the article is quite similar to the Latin 
> American model of privacy protections, which is based on the concept 
> of Habeas Data: the right to ask for a court to show the body (of 
> data). This also forms the basis for Freedom of Information. So in 
> some contexts it is even true from a legal perspective that privacy 
> and openness are the same, as explained by David Banisar elsewhere.
>
> It is also true that every privacy policy is a data release policy, if 
> they actually worked as they should they would be telling you more 
> about where your data goes than about what cannot be done with it.
>
> I agree with looking ahead, but we also need to consider the existing 
> practices and the impacts they have in different contexts. Sharing tax 
> data leads to gender parity in wages in Scandinavia, but the US 
> disclosure of all forms of public records is more problematic.
>
> The report by the US FTC on Data Brokers - organisations like Acxiom 
> hoovering up all sorts of available data to build unaccountable 
> profiles of the whole population - shows exactly why open personal 
> information can cause harms right now in many places (and why the US 
> urgently needs more privacy protections). 
> https://www.ftc.gov/system/files/documents/reports/data-brokers-call-transparency-accountability-report-federal-trade-commission-may-2014/140527databrokerreport.pdf
>
> A fundamental problem is that for all the theoretical benefits of 
> opening data it is unclear that these end up reaching those whose data 
> is shared. The UK sharing of pseudonymised health data with the 
> insurance industry (society of actuaries) saw millions of people’s 
> premiums go up. And it was not even about linking individuals, just 
> class profiling.
>
> Opening personal data of the powerful for accountability is a lot more 
> developed; for example the UK ICO has guidance for the responses to 
> FOI. But ultimately every release needs to be examined in its own terms.
>
> My proposal in Ottawa was to first look at the objectives you want to 
> achieve, then the privacy principles you want to maintain and what 
> flexibility is there (you may not have that much room anyway), and 
> then look at the open data principles and see if you can justify each 
> of them individually or removing them can help to preserve privacy.
>
> But ultimately some form of general opt out from big/open data where 
> you don’t require individual level granularity may be unavoidable to 
> give people assurance.
>
>  Best, Javier
>
>
>
>
>
> _______________________________________________
> open-government mailing list
> open-government at lists.okfn.org
> https://lists.okfn.org/mailman/listinfo/open-government
> Unsubscribe: https://lists.okfn.org/mailman/options/open-government

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/open-government/attachments/20150612/10035d3c/attachment-0003.html>

More information about the open-government mailing list