Category Archives: conference

Speech about RealMe, big data & power

Edited text of a speech given by Thomas Beagle at the launch of What If – “an education and action campaign working to stop data collection and sharing by the NZ State and private corporations for the purposes of social control and exploitation, and working for community control of information resources for the benefit of all”.


The technocrats have a utopian view of our data driven future. As the NZ Data Futures Forum puts it, they plan to “unlock the latent value of our data assets and position us as a world leader in the trusted and inclusive use of shared data to deliver a prosperous society.”

  • They promise that we’ll be healthier, with population wide tracking to predict and therefore prevent diseases.
  • They promise that government services will be both cheaper and more effective through better targeting of those who need them.
  • They promise that we’ll be wealthier, with businesses able to offer new and exciting products based on our individual needs.

Indeed, is there anything that government and business couldn’t do if they had enough data and some smart people to analyse it?

Now, this is going to require a lot of data. And when you’re collecting a lot of data you’ve got to make sure that it’s accurate.

One of the things that’s particularly important is making sure that we have the right person. There’s no point in targeting John Andrew Smith with a medical checkup when it’s actually John Adam Smith whose genetic analysis shows their predisposition to a particular condition.

Wouldn’t it be easier if everyone in the country had a single electronic identity, one that we could use as a digital key across all these systems to ensure that we had the right person?

 

RealMe

And this is where RealMe comes in. It’s a joint venture between the Department of Internal Affairs and NZ Post and, in their own words: “RealMe lets you easily and securely prove your identity online, plus access lots of online services with a single username and password.”

The sales pitch is aimed at making it easier for the citizen consumer. Get a RealMe account and access a wide range of critical services that require strong proof of identity such as govt agencies, the health system, banks, and so on.

It’s important to note that there are two sorts of RealMe accounts. You can get as many unverified accounts as you like – but if you want to use the more useful services you will need to get your account verified and your photo taken at an NZ Post shop. You’re only allowed one of these.

RealMe is of particular appeal to financial institutions because of their new responsibilities to identify their customers and report suspicious transactions to the government as a result of the Anti Money Laundering and Countering Financing of Terrorism Act. Kiwibank, the BNZ and TSB Bank are using RealMe, with more expected to follow, although uptake has been slower than expected.

RealMe itself doesn’t store any data about people, but it does enable two services that use it to share data if the person gives them permission. For example, if you apply for medical insurance, you can use RealMe to freely choose to give the insurer secure access to your medical records.

There’s not much more to RealMe, but there doesn’t have to be. It provides two vital components to enable data sharing on an ever larger scale – a key to identify a person, and a pipeline to share the data. It’s an important building block in the creation of our glorious shared data future.

 

Issues with RealMe

Sadly, utopia is not assured. Let’s look at some of the issues.

Firstly, data sharing. While the people who developed RealMe seem to have good intentions, I can’t help feeling that they seem rather naïve. It’s great that data sharing through the RealMe service is voluntary and done under the control of the user, but does anyone really believe that’s how it’s going to work?

If you want health insurance, you will be obliged to give them access to your medical records. Credit applications will demand access to your bank accounts. You could freely refuse – at the price of being turned down for what you’re applying for.

And at some point I can assure you that there will be a small law change allowing the IRD full access to whatever data they want through the RealMe service.

There are other agencies that also have the power to override our privacy choices. The Police, SIS and GCSB can all legally access the information in the systems that RealMe have so kindly linked together, and we’d never know that they’d done it.

Secondly, it seems that RealMe will inevitably evolve into a de facto digital identity card; the “papers please” of the internet age. As processes move online, everyone is going to need a RealMe account and opting out will not be an option.

But there is a deeper philosophical problem with having a single verified identity. Do we actually want to use the same identity for dealing with the government, banks, Trademe, and a variety of social media sites? Will there be increasing pressure to use our ‘official’ identity everywhere? I see important advantages in being able to present different faces to people – to the people we work with, our parents, our children, our friends, our various communities.

And, of course, RealMe has a big future. It’s going to be available whenever the government thinks up a new reason why it needs to track us and spy on us. We don’t just have to worry about what it’s being used for now, we have to worry what will be build on it in the future.

To think of just one example, something that worries governments and businesses alike is the inability to conclusively identify who did what online. It seems possible to me that in ten years’ time we’ll be obliged to connect to the internet using our RealMe identity.

With everything you do online linked back to your RealMe ID, the internet truly will be the greatest surveillance machine ever built.

 

Dystopia

However, it’s when you add large scale data collection and analysis that you realise how this technocratic utopian vision can all too easily become a dystopia.

The same data that can be used to target assistance to those who need it, can be used to penalise those who transgress. Has an algorithm decided you feeding your children too much junk food? Did you spend time helping at the local community centre when you should have been looking for a job? Our data shows you were out in the car when you said you were sick last Tuesday, just how sick were you?

Citizen, justify yourself!

 

Big Data

RealMe is just one more component of the big data transformation of our society.

I don’t think that the big data juggernaut can be stopped. Every day the technology to watch, collate and analyse data is getting cheaper and more powerful. It’s the price of the modern internet and computer driven society.

And personally, I’m still enough of a utopian that I’m not even sure that we want to stop it.

But we know that people react differently when know they’re being watched. We know that people value their privacy and feel powerless when others know their secrets. Can freedom of expression survive in a surveillance state? Will dissent, so necessary in a democratic society, wither under the all seeing eye?

So while we can’t stop it, there is a very clear need to control it. To make sure that we get the benefits while not accidentally creating a society we don’t want to live in.

 

What can we do?

However I do believe that this is possible. We can’t control what foreign companies and governments do, but we can set limits on what our own government can do, and we can pass laws that control what New Zealand companies can do.

This isn’t going to be easy. We do have the Privacy Act, but the technocrats have the ear of government and they’ve already announced plans to repeal the Privacy Act and re-enact it in a form even more friendly towards data sharing. But even then, it’s not just privacy that we’re worried about, but power and control.

To stop this trend, to set up real protections, we’re going to have to persuade our fellow New Zealanders that we need them.

We have the power to decide what sort of country we want to live in. We can reject the surveillance society and the subsequent crushing of our democracy. I hope this meeting is another step on the way to doing so.

 

Privacy isn’t dead

Edited version of Thomas Beagle’s opening remarks at the Privacy Panel at NetHui in Auckland on 11th July 2014.


Privacy isn’t dead. Yesterday at Nethui we were told that it’s too late for privacy, that it’s over. But the fact we’re all here and talking about it is a sign of just how wrong this is.

There’s no doubt that technology is changing how we think about privacy but it’s not as simple as saying that people these days are just giving it up willy-nilly. People don’t always get it right, but most have an intense interest in keeping certain pieces of information away from certain people.

Privacy is multi-faceted

I think it’s important to note that information privacy is not simple. People have many relationships – work, family, friends, doctors, government – and they need to be able to control who sees what and when.

Just because we give a piece of personal information to one of those, or they take it without asking, doesn’t mean that we’ve lost our privacy interest in that information. I might tell my doctor about my drug use, but still need to keep it secret from my family, employer and government.

Privacy is also about security

Part of this control is that for many people the debate about privacy is also about security. If you’re a teen questioning your sexuality in a conservative town, that information leaking out might be enough to get you beaten up or worse.

And at the same time, have you ever felt that sick feeling when someone you don’t trust has damaging information about you? What if it’s the government and they’re the ones paying you a benefit that is keeping your family fed? Information is power.

The surveillance demands of national security, the desire to know everything we’re doing, actually leads to many people feeling less secure because they don’t know what the government knows about them and they don’t know how they’re going to use that information.

I’m optimistic

That said, I’m optimistic about privacy.

When it comes to our digital peers such as friends and family we generally already have the tools to protect ourselves, even if we don’t always get it right.

If we look at the rest of the privacy problem, I split it up into three categories. The biggest risk is your own government, because they’re the ones that can put you in jail or deny you basic services. The second is the local companies you deal with to buy your power, your food, and so on. The third is the foreign companies such as Google and Facebook.

The good news is that in a democracy like New Zealand, we can control the first two. We can set limits on what data they collect and how they can use it and how they can share it. Maybe two out of three is actually good enough to say that we can continue to maintain our privacy in the internet age.

Limiting information use

And we can set those limits however we like. Some people seem to believe that once something is published, either by ourselves or leaked by others, that it’s fair game. I’d argue that just because something is out there doesn’t mean that it should be available for use.

There’s ample precedent for this: You’re not allowed to use the electoral roll for anything not to do with elections. Juries are told to ignore any information they may have learnt outside of the trial.

If we decide as a society that we don’t want the Ministry of Social Development to spy on beneficiaries on social media, we can change the law so that they are not allowed to. If we don’t want the GCSB to be able to apply for wide-ranging access authorisations to spy on New Zealanders – for our own protection of course – we can change the law so that they can’t. It’s up to us.

Changes to the law

I believe we do need changes to privacy law in New Zealand. The Privacy Act is a great base for us to work from but it needs works – and not just the new powers for the Privacy Commissioner.

It’s obvious that privacy controlled by opt-in click-through contracts doesn’t really work. I believe that the solution is to further ratchet up the baseline protections provided by the Privacy Act – and to close the law enforcement loophole.

Sadly, I fear that the government’s promised repeal and re-enactment of the Privacy Act will be going in the wrong direction. Thank you.

Presentation to Kiwicon 6, 2012

Edited text of the presentation given at Kiwicon 2012 (“New Zealand’s Hacker Con”) by Tech Liberty co-founder Thomas Beagle.

Do not ask for whom the panopticon watches, it watches for thee

My name is Thomas Beagle and I’m from Tech Liberty. We’re a New Zealand lobby group dedicated to protecting civil liberties in the digital age.

I’m going to survey some of the political issues that affect our civil liberties before talking in a bit more depth about where we’re up to with mass surveillance in New Zealand.

Continue reading Presentation to Kiwicon 6, 2012

TPPA Forum – video of presentations

The TPP Forum held in Wellington a week ago was a great success with over 130 people turning up to find out more about the Trans Pacific Partnership free trade agreement and what it means for New Zealand.

The speeches have now been uploaded to YouTube.

Jane Kelsey put the TPP in an international and historical context and talked about the impact it would have on New Zealanders.

Thomas Beagle from Tech Liberty gave a presentation on how the TPP was an attempt to circumvent New Zealand’s democracy in the formation of law around intellectual property.

Des O’Day, lecturer in health economics from Otago University, gave some background on Pharmac, how it worked to save New Zealand money, and how it would be at risk from the TPP. Due to technical difficulties Des’s presentation was not videoed.

Kiwicon: RFID (in)securities

We’ll be writing some summaries of some of the relevant sessions at Kiwicon – the hacker conference in Wellington.

Anne Galloway from the VUW School of Design presented the keynote speech – RFID (in)securities. RFID tags are the tiny bits of circuitry that nearby scanners can read – such as used in Snapper cards and passports.

She brought a social anthropology view of RFID to a conference full of hardcore geeks and was brave enough to start by defining “discourse” and how it is used to create understanding. She then discussed three popular discourses around RFID:

  • RFID is awesome
  • RFID is evil
  • RFID is fun

Continue reading Kiwicon: RFID (in)securities