Your SlideShare is downloading. ×
  • Like
TiDE Aberdeen D2
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

TiDE Aberdeen D2

  • 102 views
Published

Regulation and trust in the digital economy: an uneasy relationship …

Regulation and trust in the digital economy: an uneasy relationship
Trust in Digital Economy Workshop
Aberdeen
6 September 2012

Published in Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
102
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • What have terrorism, copyright infringement, spam, child protection and organised crime got in common?  They have all been cited by policymakers as reasons for introducing internet related laws. Unfortunately too many of these regulations are passed by legislatures lacking a rudimentary understanding of the technologies they are attempting to control. This has significant implications for innovators, economic agents and citizen consumers which go to the heart of what it means to engender trust in the digital economy.
  • Social norms dictate that we don't light a cigarette in someone else's house without asking permission. When I first came to the south of England to work, I didn't know I was not supposed to say hello to a stranger on a train. I was subject to suitably disdainful and horrified looks from my fellow passengers, who tried valiantly to ignore me. Having been normalised after 20 years, I can dish out the dirty looks with the best of them. Social norms, like the law, punish deviation after the event. Law and legal regulations provide the framework through which governments prescribe what is acceptable behaviour and what is not. Law acts as a threat. If we don't follow the law there is a risk that we will be found out and punished. For example, law regulates smoking to the degree that cigarettes are not supposed to be sold to children. If retailers sell cigarettes to children they can be prosecuted. Market forces also regulate behaviour. Markets dictate that we don't get access to something unless we offer something of value in exchange. The price of cigarettes is potentially a constraint on a child's opportunity to smoke. Unlike the law and social norms, market forces regulate at the time of the transaction. If children have no money, retailers will not sell them cigarettes. Under the law, retailers must first be caught selling cigarettes to children, then they can be prosecuted. The punishment happens after the event. Likewise with social norms. The disdainful looks – and my fellow passengers' classification of me as someone who should be shunned for the duration of the train journey – happened after I tried to engage someone in conversation. ‘ Architecture’ or the built environment – i.e. how the physical world is – also regulates behaviour. Like market forces, constraints on behaviour imposed by architecture happen when we are trying to engage in that behaviour. For example, if a building has steep steps at the entrance and no other way in, it is difficult for a wheelchair user to enter the building unaided. The notion of architecture as a regulator is not new: the founders of New England meticulously laid out their towns so that the relationship of buildings to each other and the town square meant that the Puritan inhabitants could keep an eye on each other. For practising Puritans, at that time, allowing friends, family and the rest of the community to pry into their private lives was routine. Good behaviour in private was considered to be essential for society. However, it was believed that good behaviour would only be forthcoming if people watched each other closely. A major airline noticed that passengers on Monday morning flights were frustrated with the length of time it took to retrieve their bags, so it started parking these flights further away from the baggage reclaim lounge. By the time the passengers got there, their bags had arrived. The complaints stopped. Prolific 20th-century New York City planner Robert Moses built highway bridges along roads to the parks and beaches in Long Island that were too low for buses to pass under. Hence the parks and beaches were accessible only to car owners – many of them white middle class or wealthy. Poor people without cars, mainly African Americans and other minorities, would be forced to use other parks and beaches accessible by bus. Thus social relations between black and white people were regulated, an example of discriminatory regulation through architecture. It should be noted that Moses vehemently denied that there was any racist intent on his part. In one sense, his intent is irrelevant. The architecture regulated behaviour whether he intended to or not. Recall that complex systems often have unintended emergent properties – I referred to this earlier as the law of unintended consequences. Changing things in complex systems results in unintended consequences, sometimes negative, sometimes positive. Irrespective of the intent of the architect, therefore, architecture can regulate behaviour in ways not originally envisaged. Constraints of the context – the built environment or the architecture – change or regulate behaviour in all these cases. Architecture is also self-regulating – the steep steps I referred to earlier get in the wheelchair user's way because they are steep and they are steps! Laws, norms and markets can only constrain when a ‘gatekeeper’ chooses to use the constraints they impose.
  • Law, norms, market forces and architecture together set the constraints on what we can or cannot do. These are four forms of regulation that determine how individuals, groups, organisations or states are regulated. It is important to consider these four forms of regulation together because they interact and can compete. One can reinforce or undermine another. However, the regulator of behaviour I want to focus on today is law.
  • Hargreaves Review of Intellectual Property and Growth cited the passage of the DEA as an example of the distortion of public policy by questionable evidence. The reality of the Digital Economy Act 's (DEA) online infringement of copyright provisions (sections 3 - 18) may finally begin to hit home next year (theoretically) when thousands of people start to get accusatory letters about copyright infringement from their ISPs. The UK courts have not fully tested evidence presented in such copyright infringement cases as the few that have been pursued were eventually settled out of court. So there is no authoritative legal guidance on standards of evidence or process. In any case the systematic threatening of large numbers of people by ISPs on behalf of copyright industries is unlikely to be conducive to engendering trust in the digital economy. It was not even clear until very recently whether the process of identifying the accounts of suspected copyright infringers could be done with any degree of forensic integrity. Thanks to a report by Dr Richard Clayton of Cambridge University for Consumer Focus it appears that as long as a careful detailed set of procedures which he outlines in the report are followed this may be possible. But he emphasises that his blueprint is time limited and will be useless once peer to peer network technologies evolve to incorporate encryption routinely.
  • Dangerous downloaders act http://www.slideshare.net/rcorrigan/dea-dangerous-downloaders-act The Court of Appeal (Civil Division) issued its judgment in the case of BT Plc and TalkTalk Telecom Group Plc -v- Secretary of State for Culture, Olympics, Media and Sport and others in March 2012. They rejected BT's and TalkTalk's challenge of the Digital Economy Act (DEA), as did Justice Parker in the High Court in April 2011. In many ways it was a predictable outcome but nevertheless frustrating, both for the lack of understanding of the technology displayed by the Court and the underlying assumption of "balance" in the wording of the key legal instruments on display. The contested provisions of the DEA impose "initial obligations on ISPs to notify (s124a) customers of copyright infringement reports (CIRs) received from copyright owners; and to provide (s124b) copyright infringement lists (CILs) to content owners if an "initial obligations code" is in force. The initial obligations code could be self regulatory (s124c) - worked out between the telcos and copyright owners - or imposed by Ofcom (s124d) in the event the relevant agents can't agree amongst themselves. S124e gives a fairly detailed list of the things that the initial obligations code is supposed to cover eg CIRs, CILs, what suspect identification has to be expedited, who pays what, administrative specifics, proportionality, transparency, non discrimination and other provisions. The DEA also empowers the Secretary of State to decide rules about the relative responsibilities for costs arising from the initial obligations code. The DEA also allows the future introduction of blocking measures or a 3 strikes regime or, more accurately, future "technical obligations" on ISPs to police copyright infringement.  The case was not concerned with these technical obligations - only the initial obligations code and the relative costs provisions. I've been thinking further on the BT DEA Court of Appeal decision, BT Plc and TalkTalk Telecom Group Plc -v- Secretary of State for Culture, Olympics, Media and Sport and others on Tuesday. This post will focus primarily on the data protection element of the case. In my previous post I mentioned the Court's questionable assumption of balance in the text of the legislation and the associated lack of understanding of the technology. The other thing that concerns me about the decision was the selective perspective on legislative histories of the relevant legal instruments. Then Secretary of State for Business, Innovation and Skills Peter Mandelson's road to Damascus like revelation, following a holiday with some rich friends and including a meeting with a well known entertainment mogul, that the UK 'needed' a 3 strikes regime, quickly led to the ill thought out Digital Economy Bill. This got rushed through parliament in the wash up of legislation before the last election becoming the controversial Digital Economy Act (DEA). The possibility of balance in the final text of the statute was effectively blown out of the water by the unseemly, unprecedented haste with which it was rushed through, the almost complete lack of parliamentary scrutiny of the bill and the universal lack of understanding amongst parliamentary representatives about what it was all about. Let's look at some of the detail of that in the context of the data protection element of the case. As previously mentioned BT and TalkTalk challenged the act on four grounds.  Firstly in relation to the technical standards directive and secondly the ecommerce directive. These aspects of the case I covered in my first post . Ground 3 of the challenge was based on the data protection directive and the privacy and electronic communications directive. … So the judge bypassed the ISP processing of the personal data and concentrated on that done by copyright owners.  He then concluded the data at the heart of the case was covered by article 8(1) privacy protection provisions but that article 8(2)(e), the right to pursue legal claims, was an absolute get out clause which facilitates fishing expeditions to detect copyright infringement via mass invasion of privacy.  Contrary to European Court of Justice recommendations in the Promusicae case in 2008 (which I'll get to a little later in the context of the privacy and electronic communications directive) Judge Parker effectively decided that copyright protection trumps privacy… Lord Richards then concludes his assessment of the data protection directive's impact on the case by mentioning the European Data Protection Supervisor's (EDPS) clear opinion (relating to ACTA negotiations) that mass personal data processing for 3 strikes regimes was disproportionate and in breach of EU data protection laws; but the noble Lord rounds off by stating that EDPS opinion is not binding on the Court
  • There is a significant danger in measures like the CDB of stumbling by default into a police state, just because the technology of mass surveillance is now more readily available and nominally more sophisticated. We need to avoid deploying these technologies blindly in response to some perceived threat. Without sufficient reasoned analysis of the purpose and detailed requirements of the technical systems we propose to build to counter these threats, we could find ourselves building technological monsters. Building an infrastructure of surveillance makes our citizens and our state more vulnerable not less so to attacks by criminal elements such as the four horsemen of the infocalypse and rogue states with malevolent intent. Government need to understand security services have to adapt to modern world. Some data will not available be to them so they have to find ways to deal with this. Part 1 of the draft bill gives the Secretary of State unlimited powers to mould data access regulations in perpetuity without the need to consult parliament in any meaningful way: (1) The Secretary of State may by order— (a) ensure that communications data is available to be obtained from telecommunications operators by relevant public authorities in accordance with Part 2, or (b) otherwise facilitate the availability of communications data to be so obtained from telecommunications operators. (2) An order under this section may, in particular— [...] (b) impose requirements or restrictions on telecommunications operators or other persons or provide for the imposition of such requirements or restrictions by notice of the Secretary of State" There is no mechanism for amending such Henry VIII orders and they usually get rubber-stamped by Parliament without material scrutiny.  The Secretary of State and her successors get to order anyone to do anything that can be related to facilitating access to communications data: If you combine this with, as barrister Francis Davey points out (see ‘The Communications Data Bill (first look)’, Sunday, 17 June 2012 at http://www.francisdavey.co.uk/2012/06/communications-data-bill-first-look.html ), with the broad definitions given in clause 28 of the bill, e.g. "“person” includes an organisation and any association or combination of persons [..] “ telecommunications operator” means a person who— (a) controls or provides a telecommunication system, or (b) provides a telecommunications service, “ telecommunication system” means a system (including the apparatus comprised in it) that exists (whether wholly or partly in the United Kingdom or elsewhere) for the purpose of facilitating the transmission of communications by any means involving the use of electrical or electro-magnetic energy, “ telecommunications service” means a service that consists in the provision of access to, and of facilities for making use of, a telecommunication system (whether or not one provided by the person providing the service)" this Bill could theoretically, as currently drafted mean that we might be obliged to keep "who, what, when and where" records of family and friends social gatherings which involve listening to music, TV watching, internet or mobile phone use, electronic gaming or just chatting. Unlikely though that might currently seem and far though it may be from the current government’s intentions, the wording of the bill must be viewed in the light of the inevitable progressive function creep (discussed below) and through the lens of a less benevolent future government. The government of course has the right to intercept and record information when someone is suspected of a serious crime. But these proposals mean collection of data without suspicion: which is in effect mass surveillance. Due process requires that surveillance of a real suspected criminal be based on much more than general, loose, and vague allegations, or on suspicion, surmise, or vague guesses. To instigate the new set of legal norms envisaged in the Communications Data Bill which subsequently give the entire population less protection than a hitherto genuine suspected criminal, based on a standard of reasonable suspicion, is indefensible. The gathering of mass data to facilitate future unspecified fishing expeditions is unlawful. Comms data and traffic data cannot be separated simply in the way that the Bill assumes See Professor Peter Sommer’s analysis at http://scramblingforsafety.org/2012/sf2012_sommer_commsdata_content.pdf
  • Base rate fallacy http://en.wikipedia.org/wiki/Base_rate_fallacy
  • Dangerous downloaders act http://www.slideshare.net/rcorrigan/dea-dangerous-downloaders-act The Court of Appeal (Civil Division) issued its judgment in the case of BT Plc and TalkTalk Telecom Group Plc -v- Secretary of State for Culture, Olympics, Media and Sport and others in March 2012. They rejected BT's and TalkTalk's challenge of the Digital Economy Act (DEA), as did Justice Parker in the High Court in April 2011. In many ways it was a predictable outcome but nevertheless frustrating, both for the lack of understanding of the technology displayed by the Court and the underlying assumption of "balance" in the wording of the key legal instruments on display. The contested provisions of the DEA impose "initial obligations on ISPs to notify (s124a) customers of copyright infringement reports (CIRs) received from copyright owners; and to provide (s124b) copyright infringement lists (CILs) to content owners if an "initial obligations code" is in force. The initial obligations code could be self regulatory (s124c) - worked out between the telcos and copyright owners - or imposed by Ofcom (s124d) in the event the relevant agents can't agree amongst themselves. S124e gives a fairly detailed list of the things that the initial obligations code is supposed to cover eg CIRs, CILs, what suspect identification has to be expedited, who pays what, administrative specifics, proportionality, transparency, non discrimination and other provisions. The DEA also empowers the Secretary of State to decide rules about the relative responsibilities for costs arising from the initial obligations code. The DEA also allows the future introduction of blocking measures or a 3 strikes regime or, more accurately, future "technical obligations" on ISPs to police copyright infringement.  The case was not concerned with these technical obligations - only the initial obligations code and the relative costs provisions. I've been thinking further on the BT DEA Court of Appeal decision, BT Plc and TalkTalk Telecom Group Plc -v- Secretary of State for Culture, Olympics, Media and Sport and others on Tuesday. This post will focus primarily on the data protection element of the case. In my previous post I mentioned the Court's questionable assumption of balance in the text of the legislation and the associated lack of understanding of the technology. The other thing that concerns me about the decision was the selective perspective on legislative histories of the relevant legal instruments. Then Secretary of State for Business, Innovation and Skills Peter Mandelson's road to Damascus like revelation, following a holiday with some rich friends and including a meeting with a well known entertainment mogul, that the UK 'needed' a 3 strikes regime, quickly led to the ill thought out Digital Economy Bill. This got rushed through parliament in the wash up of legislation before the last election becoming the controversial Digital Economy Act (DEA). The possibility of balance in the final text of the statute was effectively blown out of the water by the unseemly, unprecedented haste with which it was rushed through, the almost complete lack of parliamentary scrutiny of the bill and the universal lack of understanding amongst parliamentary representatives about what it was all about. Let's look at some of the detail of that in the context of the data protection element of the case. As previously mentioned BT and TalkTalk challenged the act on four grounds.  Firstly in relation to the technical standards directive and secondly the ecommerce directive. These aspects of the case I covered in my first post. Ground 3 of the challenge was based on the data protection directive and the privacy and electronic communications directive. … So the judge bypassed the ISP processing of the personal data and concentrated on that done by copyright owners.  He then concluded the data at the heart of the case was covered by article 8(1) privacy protection provisions but that article 8(2)(e), the right to pursue legal claims, was an absolute get out clause which facilitates fishing expeditions to detect copyright infringement via mass invasion of privacy.  Contrary to European Court of Justice recommendations in the Promusicae case in 2008 (which I'll get to a little later in the context of the privacy and electronic communications directive) Judge Parker effectively decided that copyright protection trumps privacy… Lord Richards then concludes his assessment of the data protection directive's impact on the case by mentioning the European Data Protection Supervisor's (EDPS) clear opinion (relating to ACTA negotiations) that mass personal data processing for 3 strikes regimes was disproportionate and in breach of EU data protection laws; but the noble Lord rounds off by stating that EDPS opinion is not binding on the Court
  • Complexity the new reality. Agents not good at complexity. Business & government try to deal with the problem by reductionism and control – more detailed laws/regulations, acquiring/suing competitors, locking in customers, producing standardised products and services, etc. In digital economy intelligence, agility, responsiveness and a willingness to experiment (and fail) are key. Citizen consumers really need to get educated about the technologies, privacy, security and economic development; filter our disposable income to the good agents and away from the bad and actively lean on governments to regulate wisely; engage in innovating and communicating in this many to many surprise generation machine

Transcript

  • 1. Trust in the Digital Economy Regulation and trust in the digital economy: an uneasy relationship Ray Corrigan Open University6 September 2012 Trust in the digital economy: Aberdeen University 1
  • 2. Theory 2
  • 3. Economic 3
  • 4. Behavioural 4
  • 5. ill-informed regulation DEA, CDB 5
  • 6. Stakeholders 6
  • 7. Stakeholders Innovators/ Creators Agents* Public (Citizen consumers)* Business, public services, government (& civil society) 7
  • 8. Trust 8
  • 9. All 3 need to thrive 9
  • 10. Balance 10
  • 11. Invisible hand 11
  • 12. Enlightened governance 12
  • 13. Complex ecology 13
  • 14. Net file sharing v music, online news v newspapers, Amazon v bookshops >50 Android patent cases globally Samsung v Apple Government v everybody 14
  • 15. Behavioural forces in digital economy 15
  • 16. Social norms MarketBuilt environment Law 16
  • 17. 17
  • 18. 18
  • 19. Digital Economy Act (DEA) 19
  • 20. S3-18: ISP copyright police notify subscribers of reported infringements provide infringement lists to copyright owners Obligations to limit internet accessWebsite blocking provisions (govt to abolish; Ofcom said unworkable) 20
  • 21. Innovators/Creators (a) Creators Creative Activity Zero ZC Strength of copyright (Z)Z depends on i) term ii) scope iii) penalties iv) case law v)enforcement 21
  • 22. ConsumersSocietal welfare = (weighted) sum of consumers, creators & agents 22
  • 23. Agents of creatorsMusic, film, software, media companies and publishers Za > Zc 23
  • 24. Lined up Possibly Za > Zc > Zconsumers 24
  • 25. DEA Winners – some agents & creatorsDEA Losers - agents & creators & public & trust Agents Creators Public 25
  • 26. EvidenceOptimal strength varies for creators, agents and consumersPossibly Za > Zc > ZconsumersWe don’t knowVery little empirical evidence  Case study of specific firms  Surveys of creators, firms, lawyers, etc  Data & econometrics  National or sector trends/comparisons  Sales of CDs, films, etc  Collecting society data  Legal cases matched to firm-level data 26
  • 27. Communications Data Bill (CDB) 27
  • 28. S1 Blank cheque Secretary of State Power to ensure or facilitate availability of data S9Authorisations for obtaining data by police and other relevant public authorities 28
  • 29. ISPs DEA to CDBcopyright police to surveillance agents of state 29
  • 30. Mass surveillance undermines trust Also doesn’t work 30
  • 31. CDB Winners – surveillance tech suppliersCDB Losers - agents & creators & public & trust Agents Creators Public 31
  • 32. Governments don’t understand technology Computers/Net Magic solution or Terrifying problem Net = TV on steroids / online shopping centre 32
  • 33. Government ignorance bad for: Innovators/creators Agents Citizen consumers Trust 33
  • 34. PublicHugely forgiving of / blind to agents’ data gathering (Convenience beats everything) But data pollution = environmental disaster of digital economy 34
  • 35. When regulating…Audience 15 million  Radio 40 years  TV 15 years  www 3 years (600 million+ in 7 years)Law can’t keep upEmpirical work/evidence needed  On creators, agents and public Reed – doctrine of creative inertia 35
  • 36. Trust in digital economy?E2E Net: global machine for springing surprisesInnovators/creators engageAgents (care with architecture)  Regulators – get educated & Reed  Business – data pollutionCitizen consumers get educated & active 36
  • 37. 37