Calling The Tweet Police

[updated 2012-12-27@17:11 to reflect comments from TJ McIntyre] [edited introductory paragraphs at 20:34 2012-12-27 reflecting feedback from Aoife below, fair comment made and responded to] [Note: This has been posted today because RTE are doing a thing about “social media regulation” which means that levers are being pulled that need to be red flagged] I drafted this post on Christmas Eve morning 2012. The original post had the introduction below. One person (out of the 600+ who have read this post by now, a few hours after I posted it) felt that the opening was too hyperbolic. Perhaps it was, so I decided to tweak it. I did hope I wouldn’t have to publish the piece I’d drafted. But the fact that the opening item on the 6pm news on the 27th of December 2012 was a piece about the Chairman of the Dáil communications committee announcing that the committee would meet in the New Year to discuss regulating ‘Social Media’ meant that my misgivings about the approach of the Irish political classes to the use of Social Media were not entirely misplaced. I’m writing this on Christmas Eve morning 2012. I dearly hope I never have to publish it. If I do it will be because the Government I helped elect will have abandoned any pretence of being a constitutional democracy and will have instead revealed its true insular, isolated, clientelist nature in a manner that will disgust and appal people. And this will be all the more disturbing as the Government will have used real personal tragedies to justify this abandonment of principles. But I am not hopeful. If this post sees the light of day something will have gone horribly wrong with the Irish Body Politick. That the content of the media coverage today echoed the expectation I set out in the paragraphs below for the rationale of any review of regulation (“cyber bullying” and other misuses/abuses of social media) suggests that, perhaps, this post might contribute a useful counterpoint to a perspective that appears to dominate the mainstream.

The Issue

I fully expect within the early weeks of 2013 for the Irish Government to propose regulations requiring that users of social media be required to tweet or blog in an identifiable way. No more anonymous tweets, no more anonymous blogs. The stated reason will be to “combat cyber bullying”. Sean Sherlock TD is quoted in today’s Irish Times (2012/12/24) calling for action on anonymous posting. This is ominous. Others quoted in that article are calling for “support systems” to help TDs deal with the “venom” being targeted at them via social media. While the support systems suggested are to be welcomed, the categorisation of expressions of opinion by citizens as “venom” is, at best, unhelpful and, at worst, disingenuous. What seems to be in pipeline to be proposed to stem this tide is almost inevitably going to be some form of requirement that people verify their identity in some way in blog posts or tweets. Remove the veil of anonymity, the reasoning will go, and this venom will go away. The “keyboard warriors” will put their weapons beyond use and step in line with the process of government and being governed. The fact that politicians are lumping Facebook in with these other platforms illustrates the tenuous grasp many have on the facts – Facebook already requires “real identity”  policy, which raises problems about what your real identity is and has been flagged as potentially in breach of EU law by at least one German Data Protection Authority.

Why this is a bad idea

In Orwell’s 1984 a shadowy figure of the State ultimately breaks the protagonist Smith, requiring him to give up on love and private intimacy and resubmit to a surveillance culture in which the Thought Police monitor the populace and the media tells everyone it is necessary to protect against the “enemy”. That shadowy figure is called O’Brien. My passion for data privacy is a reaction to my namesake, and from that perspective I can see three reasons why this is A VERY BAD IDEA.

Bad Idea Reason #1  – What is Identity?

Requiring people to post comments, write blogs, or tweet under their own identity creates a clear and public link between the public persona and the private individual. The supporters of any such proposal will argue that this is a deterrent to people making harsh or abusive comments. However, in a fair society that respects fundamental rights, it is important to think through who else might be impacted by a “real names” policy. There are quite a number of examples of this, the most famous recent example being Salman Rushdie having his Facebook account suspended because it didn’t think he was him. Identity is a complex and multifaceted thing. We all, to borrow a phrase from T.S Eliot, “prepare a face to meet the faces that we meet”. The GeekFeminism Wiki has an excellent list of scenarios where your “real name” might not be the name you are really known by. In Ireland, people who would be affected by a “real names” policy in social comment would include:

  • Public servants who cannot comment publicly on government policy but may be affected by it
  • Survivors of abuse
  • People with mental health concerns or problems
  • Whistleblowers
  • Celebrities.

A real names policy would require that every time Bono tweets or blogs about Ireland, Irishness, or Irish Government policies he would have to do it under the name Paul David Hewson. And who the heck would be interested in an opinion expressed by Paul Crossan about epilepsy?

Bad Idea Reason #2 – How will it work exactly?

It is one thing to say that you want people to post comments using their identity, but it is another thing entirely to get a system in place that actually works. Identity is a “flexible” thing, as outlined above. Facebook require evidence of your identity in the form of personal ID (passport/driver’s license). They have the resources to process that data securely. But they still get it wrong (see the Salman Rushdie example cited above). If verifiable identities are required for comment, then how exactly would a small personal blog that is used to exercise my mental muscles outside of my work persona (domestic use) be expected to handle the overhead of verifying the identity of commenters in a verifiable way. Would I be expected to get people to register with the blog and provide evidence of ID? Would I be able to get a grant to help implement secure processes to obtain and process copies of passports and drivers licenses? Or will the State just require that I shut up shop? Would the State indemnify me if this blog was compromised and data held on it about the identity of others was stolen? Every few years we used to hear similar calls about the registration of mobile phones. The argument in favour of registration usually goes: “If they have to register, bad people won’t use these phones”.  That argument is bunkum. I’ve written about it at length here but the short form:

  1. If people have to register and provide ID for verification, they will use fake ID (as is happening in China with their mobile phone registration requirement)
  2. If the law is to register, strangely it is unlikely that that would bother criminals by definition they find the law an inconvenience rather than a barrier.
  3. If people are required to register without some form of identity verification then you’ll wind up with Mr D. Duck of  The Pond owning a lot of phones. A pseudonym, so no more identifiable than a picture of an egg.

Applying this to a proposal for a “real names” policy for tweets, blogs, comments and other social media discourse and we wind up with a situation where, to achieve the objective that the proposers of non-anonymised comment seem to be seeking, would result in a disproportionate burden being placed on those of us who engage in debate on-line. Even then it would not be fool proof. And a non-verified identity is nothing more than another pseudonym. I could, for example, use the name of another person when “registering” to comment. Or a fictional duck. It is worth noting that South Korea is abandoning its “Real Names” policy for social media for a variety of reasons.

Bad Idea Reason #3  –  The logical principle must be technology neutral

Blogging, tweeting, social media… these are all technologies for self-expression and social interaction that barely existed five years ago and where unheard in the mainstream of a decade ago. Therefore any regulation that requires identification of commenters must be framed in such a way as to anticipate new technologies or new applications of existing technology or risk near instant obsolescence. Therefore the regulation would need to be technology neutral. Which means that, in order to avoid it being discriminatory and to ensure it has the fullest possible effect, it would need to be applicable to other forms of technology.

When debating this on Twitter with Harry McGee on the 22nd December I asked him if he saw a difference between Twitter and a malicious phone call or an anonymous pamphlet. His response was they were, in his opinion, the same. So, if tweets are the same as anonymous pamphlets, the logical extension of needing to be able to identify the tweeter is a need to be able to identify the pamphleteer. The State would want to be able to identify the author of a published thought. We have seen this before. In fact, the seeing of it before is one of the reasons that the EU has a right to personal Data Privacy (introduced in the Lisbon Treaty) and why the strictest interpretations of Data Protection laws in Europe tend to be in Germany and former Soviet bloc countries. Have we managed to forget that, within the lifetime of people now in their mid thirties, governments in Eastern Europe required people to register their typewriters with the State so the State could identify the writers of letters, plays, pamphlets and other communications? As Mikko Hypponen of F-Secure (one of the world’s leading experts on information security) says in one of his many presentations:

In the 1980s in the communist Eastern Germany, if you owned a typewriter, you had to register it with the government. You had to register a sample sheet of text out of the typewriter. And this was done so the government could track where text was coming from. If they found a paper which had the wrong kind of thought, they could track down who created that thought. And we in the West couldn’t understand how anybody could do this, how much this would restrict freedom of speech. We would never do that in our own countries. But today in 2011, if you go and buy a color laser printer from any major laser printer manufacturer and print a page, that page will end up having slight yellow dots printed on every single page in a pattern which makes the page unique to you and to your printer. This is happening to us today. And nobody seems to be making a fuss about it. And this is an example of the ways that our own governments are using technology against us, the citizens.

So, if we can uniquely identify the typewriter or the printer shouldn’t we take the logical step and have the owner register it, just like in communist East Germany in the 1980s? So that when a pamphlet or letter is sent that has the wrong kind of thought the relevant authorities can take action and immediately stop that kind of thing. But sure, we’d never do that in our own country. We’d just ask everyone register their identity before blogging or tweeting. Totally different. The Government would never propose the creation of a register of printer owners. Would they? {update: here’s an article from EFF.org outlining their take (from the US) on why “real name” policies and regulation are a bad idea }

Use the laws we have, don’t create crazy new ones

But something must be done!! This is an intolerable thing, this “cyberbullying”. And indeed it is. But let’s not get hung up on the label. It is not “cyberbullying”. That is bullying by a fictional race from the TV show Dr. Who.

What this is is inappropriate and/or malicious use of communications networks and technologies. It is no different from a smear poster campaign, a co-ordinated letter writing campaign, or a malicious calling campaign. And there are already laws a-plenty to combat this in a manner that is proportionate with the curtailment of freedoms of speech and rights to privacy. Bluntly: If your conduct on-line amounts to a criminal act or defamation it is almost inevitable that your illusion of privacy will evaporate once the blow-torch of appropriate and existing laws are applied.

The power to pierce privacy in this case comes from the pursuit of a criminal investigation of what are deemed under the Communications (Retention of Data) Act 2011 as serious offences. Any social media provider will provide information about users where a serious offence is being investigated. It’s in their terms and conditions (see Twitter’s here – Section 8). This would allow the identification of the IP address used at a date and time for transmitting a message via twitter and could be used to compel a telecommunications provider to provide the name of the account holder and/or the location of the device at the time and at present. But it is done under a clear system of checks and balances. And it would be focussed just on the people who had done a bold thing that was complained about, not placing a burden on society as a whole just in case someone might do something naughty. I would ask the Government to use the laws we already have. Update them. Join them up. Standardise and future proof their application. But do so in a technology neutral way that isn’t swiping at flies while ignoring larger concerns. And please don’t mandate non-anonymised comment – it simply doesn’t work.

The Risk

When proposing any course of action it is advisable to prepare for the unintended consequence. With this chatter of requiring comment to be identifiable comes the risk that, should it happen, the social media data of Irish citizens will become either more valuable (because marketers will be able to mine the “big data” more efficiently) or less valuable (because we switch off and there is less data to meaningfully mine). There is also the risk that our Government will, yet again, send a signal to the world that it just doesn’t understand On-Line, for all its bleating about a “Knowledge Economy”. And at that point we may become less attractive to the foreign new media firms who are setting up base here. Like Twitter, LinkedIn, Facebook, etc.

Conclusion

Requiring identifiable comment is a dumb move and a silly non-solution to a non-problem. The problem is not anonymity. The problem is actually how we evolve our laws and culture to embrace new communication channels. We have always had anonymous comment or pseudonymous dispute. Satire thrives on it, art embraces it, and literature often lives through it. Just because every genius, wit, and idiot now has a printing press with a global reach does not mean we need to lock down the printing presses. It didn’t work in Stasi East Germany or other Soviet Bloc dictatorships. Other solutions, such as working the laws we already have, are preferable and are more likely to work. Educating users of social media that there are still social standards of acceptable behaviour is also a key part of the solution.

Tagging the typewriters is NEVER the answer in a democracy. This O Brien stands firmly against this particular Thought Crime.

Posted in Data Protection, Ethics & Law of Information, Irish Blog Culture, Politics & Culture, The Business of Information and tagged , , , , , .

17 Comments

  1. It is a real shame that you chose to start your blog post with some hyperbolic nonsense as is entirely distracts from the rest of your post. You start by saying that you won’t publish unless the Govt has ‘abandoned any pretence of being a constitutional democracy. However you then publish it 4 days after it was written when all the Government has done in the intervening period is bury a Minister of State and had a few days off for Christmas. Your pretence for publishing is the fact that a media organisation (not the Government, you know this) decided to look at the ‘regulation of social media’. So instead of taking part in that discussion with a post that explores some of the issues, you have to pretend that somehow our democracy has been destroyed while people were stuffing themselves with turkey.

    It is a real shame that you had to appoint yourself as the aribiter of when democracy ended and the arbiter of what issues we are allowed discuss because your post contains some points that should be part of a discussion of social media. But since you told us all that our democracy has ended in the first paragraph then what is the point of reading on?

    • Fair point. I’ll edit the beginning to more accurately reflect what has happened – that a Government TD has announced that a Government committee will be looking at regulation of social media. I include a comment to that effect linking to the RTE news story in the opening. I don’t believe I haven’t appointed myself an arbiter of anything. I have simply pointing out that:

      1) There are a number of legislative provisions governing the misuse of any medium to harass people – appropriate use of these, enforcement of these, and updating of some of the more archaic legislation might clarify the situation for users of social media – engage in harassment etc and you can be identified and prosecuted.
      2) There are a number of very clear situations where anonymity of commenters using social media, or any media for that matter
      3) There are clear risks to the fundamental rights of EU citizens to personal data privacy in any regulation of social media
      4) The logic which is being put forward for (potentially) regulating anonymity of social media comment should be equally extended to other technology and media formats, which raises the question of historic parallels that are disturbing.
      5) There is a trend away from “real name” policies in social media sites, not least because of the ‘fluidity’ of identity (people don’t always use the names they have on ‘official’ id – Salman Rushdie is a high profile example of that).

      The point of reading on is that you might learn why I am dismayed at how personal tragedies are being cited as a reason for considering regulation where regulations already exist. Far better that we consider how to educate and support people about good social conduct on social media, and how to seek help if conduct of others is harassing or causing harm.

    • If you would like to address any of the actual points I made in the post itself (as opposed to critiquing my writing style – which I’m grateful for BTW) I’d be glad to discuss them.

    • Also, having re-read my piece twice I can’t see where I dictate what issues should or shouldn’t be discussed. Quite the opposite. I suggest that if there is to be a discussion about requiring identification of commenter in social media then that same discussion should be had with regard to the printed word as well. Let’s open up the discussion entirely rather than tying the question to the on-line domain.
      Also I never said democracy had ended. I just said that the Government would have abandoned the pretence of it. There is a subtle but important difference.

  2. I am confused by your post. On one hand, you compare a possible crackdown by the government on social media as Orwellian or Soviet-like, and on the other, you conclude that you’d prefer that the government just use the existing legal framework to apply existing laws to social media rather than create new ones.

    The thing is, most existing laws (i.e. those applied to post and telephony) are very intrusive. Newspapers rarely print anonymous letters or articles because they are liable as publishers. And phone operators have the technical capability to track pretty much everything that you do with your phone, including the web sites you visit and your IP address. Once radio cell sizes decrease (as they will continue to do in the next few years), they will know where you are doing it from, down to the nearest few feet (irrespective of whether you have location services/GPS activated on your phone or not). And if the media and phone companies have that information, any government can get it. If you really value privacy, you wouldn’t want existing laws extended to social media.

    At least our government is democratically elected. Twitter, Facebook, MySpace and lots of other social media companies are run by people who decide how much privacy you will get when you use their product. Their commitment to protecting your identity for your sake depends completely on the whim of whoever happens to be running the company at a particular time. They know what you wrote, when you wrote it and more importantly, where exactly you wrote it. Do you really think the owners of the late and not-so-lamented News of the World cares that deeply about the online anonymity or well-being of the average user in their sister company, MySpace?

    We live in a country where most police stations don’t have basic internet access, so I’m not particularly worried about any social media crackdown by the state any time soon. But I do care that it is far easier trash someone anonymously than it is to prevent it or seek restitution. The Limerick Leader has a story this week of a teenager who was subject to harassing calls after someone posted her number onto an escort website.

    We don’t have an absolute right to free speech in this country, and I don’t see why social media sites that make public the postings of their participants should have the freedom to publish hateful or false material not permitted of any other communication medium.

    I’m glad you posted this, because it is good and proper to have a debate about such matters. However, I respectively disagree with the target of your ire – I’m far more worried about the responsibilities and power of the social media publishers than of anything the Irish government might do.

    • The key point I am making is that any call for “more regulation” must be made in the context of actually understanding what regulations currently exist. And there are lots of them.

      Extending regulations to make anonymous comment impossible creates serious issues about freedom of expression and privacy. The legislation agains (for example) harassment (s4 of the Non-fatal Offences against the Person Act) allow for balance to be struck – don’t abuse your anonymity and there will not be grounds to pierce it. And this is the challenge – ensuring appropriate balance between competing human rights.

      In the context of the existing legal frameworks they provide mechanisms to uncover identity of a person who commits an offence. The alternative (removing anonymity) means commenters sacrifice their privacy rights just in case they might do something wrong. A presumption of inevitable guilt.

      I point out that there are practical issues with any form of “real name” policy. There are a number of examples of this and German Data Protection authorities see it as a Privacy issue. I cite a number of sources that provide detail of scenarios where anonymous posting is required to allow free speech.

      I argue that if we accept that social media comment should not be anonymous then we have to accept that no comment can be anonymous and we then find ourselves in a situation where the logical conclusion is that an medium of mass production of comment (e.g a typewriter or a printer) must equally be de-anonymised.

      You talk of “social media publisher”. That term needs clarification. Do you mean a commenter using social media tools, or a social media platform company, or a private person running a personal blog site?

      How exactly (in any of the contexts outlined above) do existing laws not provide remedy for defamatory, harassing, or otherwise harmful comment where those laws to be used?

      The path to hell is often paved with good intentions. “More regulation” may not be the solution here, regardless of your faith in government.

  3. Hi Daragh,

    I completely agree with you when you say that the challenge is ensuring an appropriate balance between competing human rights. For me, the issue is context – when a person could reasonably expect to have privacy based on how widely the information they have published has been disseminated.

    Take this discussion right now – I have to post my email address and name as proof of who I am – it is a requirement of your site.

    People have to make active decisions to participate in online discussions – whether it is to join Facebook or Twitter, or contribute to a bulletin board. They can preserve their privacy absolutely by simply not joining – but once they do – they have already sacrificed their privacy to (usually) a private company that could decide at any time to pass that data to governments, police, etc. You mentioned my faith in government – I doubt it is any stronger than yours – but I have far less faith in companies.

    Hence my earlier comment that extending existing communications laws to social media would be hugely restrictive. I’m not looking for more laws either – merely pointing out that there is very little right of privacy with existing communications media. More and more people in Ireland use their mobile phones for social media interaction and I don’t think people really realise how trackable they are on a mobile phone, even pre-paid ones. And because communications operators are very heavily regulated, they tend to be compliant with govt regulation.

    You raised other interesting points – I’ll come back to them later,
    BR,
    John

    • John

      That is the key point – the balance between privacy and the nature of the content or comment.

      You rightly point out that you have to provide a name and an email address to post a comment here. However it is not a requirement that that name or email address be ‘real’. A pseudonym and an email address would let you comment. That is, in part, one of the components of the issues I raise – the fact that requiring “real names” raises a requirement to validate identity that is simply burdensome on private citizens and personal blogs and ultimately is fraught with problems of what is an identity (the Salman Rushdie example).

      Absolute preservation of privacy is, as you say, assured by not joining a social media site. But the discussion here is about social media comment, not just the privacy policies of Twitter etc. And a company cannot, as you suggest, simply decided at any time to provide personal data to the government or police. There are clear laws (e.g. the Data Protection Acts, the Communications (Retention of Data) Act) which set out the controls and balances that need to be in place for information to be disclosed. These are important controls in the context of telecommunications companies and other entities processing personal data. The legal framework that exists around personal data privacy in Ireland (and the EU, and increasingly world wide) is predicated on balancing competing rights and provides remedies where that balance is not respected.

      At no point do I suggest extending existing communications laws to social media. The simple fact is that there are existing laws that already apply to any form of comment or communication. Social media is not an unregulated space, it is as regulated in this regard as any other medium of communication. There is no need for extension. There may be a need for review and updating of some legislation to address dichotomies in definitions (such as the 1951 Post Offices Act (as amended) defining a ‘telephone service’ in a way that has been interpreted narrowly by the Courts versus the broader definition of ‘telephone service’ in the 2011 Communications (Retention of Data) Act).

  4. As a regular commenter on certain sites, I increasingly find that comments in (imo) interesting or important articles are swamped by what I can only describe as politically motivated trolls. For instance on the CIF section of the Guardian website, I increasingly feel that every article that is critical of the conservatives, the republicans, the religious, the rich, (more recently) the NRA, is met with a barrage of what seems like organised posting of comments posting against the article or author or media outlet.
    It seems to me that if some kind of identity validation were to be put in place, a lot of the chaff would naturally blow away.
    I think that total anonymity is allowing a dumbing down of important discussions. It also allows ‘focus groups’ to anonymously project their point of view as if it is just a regular user. The biggest example has to be the Pro Israel groups. Anywhere where there is even the slightest criticism of the Israelis, hordes of ‘anonymous’ commenters make contributing pointless.
    Don’t get me wrong, I am a tireless supporter of T J McIntyre and the issues that he highlights. I hate the idea of anyone legislating the internet, especially the US, but I do think that anonymous posting in certain circumstances renders the whole posting of comments a complete waste of time.

    • In the contexts you highlight, surely the correct response is for media sites to apply moderation and perhaps require validation of an email address before a comment can be published, just as anonymous letters to editors are not published (but names can be withheld by the editor at request)

      But there is a big step between an editorial policy and a mandated policy of de-anonymization. Responses must be proportionate.

      And any editorial policy on “real names” in a media site still runs afoul of verifiable validation of identity given how quick and easy it is to set up free email accounts on gmail, hotmail, etc.

  5. Pingback: Going Back [Podcast #53]

  6. Pingback: Stasi-esque | Karl Monaghan's Blog

  7. Pingback: Call the Tweet Police (a slight return) | The DOBlog

  8. Pingback: Ready, Fire, Aim : Asking the wrong questions of Social Media

  9. Pingback: Ready, Fire, Aim : Asking the wrong questions of Social Media « Facebook Disabled My Account

Comments are closed.