Thursday, 28 March 2013

Open standards, critical digital infrastructure, and the importance of politics to tech standards

Yesterday I spoke at an event in the European Parliament for the 3rd Document Freedom Day. I was invited by Pirate party MEP Amelia Andersdotter to be on a panel on Open Standards for Critical Digital Infrastructure, hosted by the Greens/European Free Alliance. The rest of this post is an expanded version of the short talk I gave, pulled together from my prep notes. A fair amount of this got cut in the interests of brevity and clarity.

[You can watch a video of the panel here, and witness my need for a haircut, and how badly I needed a drink of water towards the end]

With regard to Critical Digital Infrastructure – I’m most familiar with electronic identity systems, and information management technologies, so I’ll mostly talk about that, although I hope that some of the points I want to make are applicable elsewhere. I was interpreting the slightly ambiguous concept of critical digital infrastructure broadly, as any kind of electronic infrastructure with any kind of meaningful social function.
I'm first going to 1) set out some foundational assumptions, 2) illustrate these with the examples of the UK ID card scheme and the current proposals for an eID system, then 3) hopefully draw out the lessons or implications for open standards in critical digital infrastructure more broadly.

Part 1 – Assumptions

1) Technologies (and therefore Critical Digital Infrastructures) are political
However, the politics of these technologies are often fairly opaque. There is often a tendency to dismiss as technical or design issues things that have political values behind them. There are also politics in which technologies get taken up and used, and which do not. Technologies reflect their aims and their origins (difference between systems developed by home office/ministry of the interior, and work/labour/pensions etc).
There is also often the assumption that social goals and priorities are settled and can be assumed, and that technology design follows on from these. E.g. Facebook is popular, therefore people really wanted to share many intimate pictures of their lives, and were not doing so previously because of the absence of such a tool.

2) ID technologies are inherently surveillance technologies (and so are many forms of critical digital infrastructure).
Identity technologies operate to differentiate individuals from other individuals, and groups from other groups: citizenship or membership in particular political communities. The history of identity technologies has many cautionary tales about the use of identification schemes to exercise discrimination and prejudice. There is also dependence upon the issuer and the possibility of deprivation/revocation. In a 2009 report on best practice in eID, ENISA identified eID technology as posing a strong potential threat to Article 8 ECHR rights, especially when compulsory, and as having inherent privacy risks, particularly around disclosure and misuse.

Digital Infrastructures also have surveillance potential, and the ability to impact upon fundamental rights such as privacy and the security of personal data. This primarily emerges from some of the abilities of digital technology (ability to keep large volumes of data, to search rapidly across databases, and to perform repetitive functions cheaply). Any system that keeps a log of events has a surveillance potential.

This is not enough (in itself) to dismiss these technologies; sometimes society benefits from differentiation – for example, between those who need to access a public service, and those who do not. Sometimes surveillance is a legitimate tool. However, these inherent surveillance capacities should give us a moment’s pause, and be cause for reflection, and careful design and policy choices intended to minimise the potential impact upon privacy. For ENISA, this explains the presence of some form of privacy feature in all eID systems (for them, a privacy measure is anything that increases the control of the card owner over what data are disclosed, when and to whom).

3) These are not the only political issues involved in Critical Digital Infrastructure

Alongside the surveillance potential, there are other political issues involved in critical digital infrastructure, including the setting of political priorities, and the construction of political problems to which digital infrastructures are being proposed as solutions (what is the infrastructure for?). There are also fairly standard issues of cost, and the allocation of limited resources.

Canadian sociologist David Lyon writes about what he calls ‘the card cartel’, a shorthand for the way that governments, private industry and technologies themselves come together to determine the nature and functions of identity card systems (and can likely be extended out to the way that other critical digital infrastructures are procured and set up). Many technology providers are ready to supply governments with technologies, and their expertise is also drawn upon in designing such infrastructure.


4) There is an important role for policy and decision makers in the design and implementation of political technologies.

I'll return to this in the conclusion, but the upshot of the first three assumptions is that policy makers (of various sorts) should be involved in the political choices surrounding standards for digital infrastructures.

Part 2 – UK examples [this section draws upon the article I wrote for Hard Times magazine in Germany]

1) The withdrawn ID card

Unlike a large number of other European countries, the United Kingdom does not have citizen identity cards. Whilst identity cards were introduced during the World Wars for purposes of recruitment, rationing, and preventing espionage, they were withdrawn after the end of the war due to public opposition. After September 11th 2001, the Labour government brought forward a series of proposals and discussions that would culminate in the Identity Cards Act 2006. This proposed a central identity register, initially using freshly collected and verified biographical and biometric data, but later pulled together from existing government databases. This would enable identity to be associated with a singular authoritative documentary source.[i] This register would support a physical national identity smartcard checkable against the register through card readers. The scheme would have been voluntary at first but eventually compulsory, and citizens would pay for the card.

Opposition centred on the changing relationship between the citizen and the state, the burden placed upon the economically vulnerable, privacy violations and potential for state abuse, the insecurity, unreliability or cost of the system, and that the system could be a distraction from other policies. Opponents, such as the campaigning group NO2ID, sought to highlight the register rather than the card itself, as well as the audit trail generated as a record of every transaction was logged. They also criticised the plans as being led by procurement issues and management consultants rather than designed along sound information technology principles.[ii]

The scheme ended with the 2010 general election, and the Conservative/Liberal Democrat coalition that followed. It was one of the (few) points of agreement between the two parties. They could both reject the perceived authoritarianism of the previous government whilst playing up their shared liberal credentials. The end of the project was made law through the Identity Documents Act 2010, which repealed the Identity Cards Act 2006. This called for the scrapping of the register and card, but retained laws on counterfeit identity documents. The ID card database was physically destroyed in February 2011.

2) The current eID proposals

In contrast, this is not a card, but rather a system for allowing users to prove who they are to a range of service providers (both government and potentially private), using a chosen identity provider.
According to the Cabinet Office, the new model is customer-centric, driven by customer needs in a market arrangement.

The UK Government intends to set up a ‘hub’ which will act as a clearing house for identity information, and as a catalyst for getting the identity market up and running. The intention appears to be to build an information infrastructure that would be of use outside of the public sector, and to publish standards, frameworks and APIs that would allow other developers to build services on top of that infrastructure – as is the case in Estonia, Belgium, and in Germany. Service providers will publish their requirements (based upon risk management) and identity providers will vouch for an individual that they have met these standards.

Part 3 – Lessons from UK ID and eID for Open standards in Critical Digital Infrastructure.

Linking this to open standards in Critical Digital Infrastructure, the UK ID card scheme was far from ‘open’. It was closed, opaque, limited access (pay for use of the register), generally designed around state needs and priorities, with little public input into the design choices (basically an internal passport), an obsolete technology, with no standards, no API, developer toolkits etc.

Current proposals are somewhat more open, but in a market sense, rather than anything related to free and open source software. There is a central hub, and the citizen will supposedly be able to choose from a range of identity providers. Private sector services are potentially able to use the eID system to authenticate users.

Critical questions are 1) trust, and 2) use/purpose. Open standards can play a role in both of these areas. The apparent ‘need’ for eID systems arises from uncertainty over identity claims: that your word as to your identity is not sufficient. This leads to a following question - If I don’t trust you (your identity claim), why would I trust an identity provider that you have chosen? There will inevitably be some selection for which providers of identity are able to enter the market, and this might be particularly difficult for individuals or small groups - I don't envisage you being able to 'roll your own' identity provider, the way you might host your own websites.

With regard to use – the ID card wasn’t very useful (it was also expensive), and this translated into (part of) its lack of popularity.

Some of the issues around open standards in critical digital infrastructure can be found in general issues of open software, and also in debates around encryption and the failure of security through obscurity. I didn't include this in the talk, but I was thinking about how open standards might proliferate surveillance potential of infrastructure systems, in the absence of some form of oversight or regulatory cover (accountability), but I think this would be highly dependent upon the make-up of any given system (and its social context).

Open standards (infrastructural transparency) may be one way of overcoming tendencies towards entrenched interests in critical infrastructure design.

They contribute towards the transparency of the process (but ‘open’ has to have some element of control or influence, not just ‘visible/readable’: read/write). Transparency of process is as important, BEFORE we get to standards (open or not).

Open standards allow new uses to be made of the infrastructure (in a generative fashion) that might not have been thought of by the original designers. But this also allows a way around unresponsive incumbents.

The two examples show different roles for the key political actors (options, different role of government)

For ID cards, government is provider, owner and controller of the central register, the guarantor of identity in the last instance, whilst for the e-ID the rhetoric is quite different: government is positioned as catalyst and facilitator, providing a set of protocols for interaction, and then stepping back to be a consumer of online identity.

[i] Barnard-Wills, 2012, p.38
[ii] David Birch. The Digital Identity Reader. Guildford. Mastodon Press. 2011. p.21

Monday, 18 March 2013

Playing with Privacy out and about

Recently, I've had a couple of invitations to go and talk to people about the Privacy card game, and then play it with them, which has been great. Firstly, I had an invite from Rosamunde Van Brakel to the Vrije Universiteit Brussel to play the game with a surveillance studies reading group there on a snowy Monday. These photos are all taken in the calm bit during the session when people have (sort of) got the rules of the game, and I can just stand around not doing much.

Secondly, Professor James Harding, at the University of Warwick, gave me the chance to talk to his undergraduate Performance Studies class on Theatres of Intelligence, Espionage and Surveillance. I gave a talk about a political theory approach to surveillance, and the importance of the politics of the representation of surveillance, and then introduced the Privacy card game. They seemed to take to it pretty well, and this class saw some pretty devious and cut-throat play at times. This session was also pretty good for exploring some of the classroom potential of the game.

I've really been enjoying these events. Now that the play-test phase of the game is over, and the project has pretty much concluded, they're as much about sharing the project, and storing up thoughts for what direction to take this work in next. More good news about this project is that a paper based on the research has been accepted for publication in Political Studies, at some point during 2013.