privacy

Hasan Elahi is an interdisciplinary media artist with an emphasis on technology and media and their social implications. His research interests include issues of surveillance, sousveillance, simulated time, transport systems, and borders and frontiers.

At Lift11, Hasan will tell us his incredible story: he was taken into custody of the FBI as a terrorist suspect in the United States by mistake, and ended up living totally in public to protect himself from surveillance. His talk will show how forfeiting your privacy can in fact become a new form of protection of your identity.

Hasan Elahi

Associate Professor
University of Maryland (US)
» View Lift11 speakers

Laurent Haug: Tell us your story, what happened?

Hasan Elahi: I was coming back from an exhibition in Dakar. As I pass through the US customs in Detroit, I handed my passport to the agent who froze. Something was obviously wrong. I was taken to a large room that belonged to the INS - the now defunct organizations regulating immigration, which which no US citizen normally ever interacts. A guy in a dark suit walks to me and says "I expected you to be older". I asked "please explain!" The guy starts questioning me, and out of nowhere he asks me "where were you on September 12?". I could not remember. So I took my Palm out of my pocket, and we looked up together on my calendar for detailed records. He then started to question me on a storage unit I had in Tampa, Florida. "What do you have in it?" I had clothes, junk, he looked confused and asked "no explosives?". The FBI had received a report about "an arab man hiding explosives in a storage unit in Tampa".

The whole thing was very strange. I had no idea what was happening. More than a confusion, it was a paranoia. I think I convinced the agent I had in front of me I had done nothing wrong. But the machine was started, and there was no way to stop it. For six months I spent my time in meetings at the FBI office, calls with the FBI, etc. It only ended when, after 9 lie detector tests, I was finally cleared of any suspicion. During that time, I had a strange survival instinct that was telling me to cooperate. I knew what was happening to me was completely illegal, and I could have fought back. But I wanted to avoid the confrontation, so I told them every single detail. I was calling every time I was moving to make sure they knew where I was and not raise a red flag.

What was your reaction after the first 6 months?

I decided to disclose my whole life online to let the FBI know where I was. I programed a software that allowed me to share my location and what I was doing. We are talking 2003, way before Facebook places or Foursquare ;) What I wanted to do was create a file on myself, a file bigger than the FBI's file. Then it hit me: why only the FBI should know that? If I started flooding the world with my information, I would devaluate their information on me and make it worthless. Their information would have no value as it would be less exhaustive than mine. It was a very symbolic action, but if you imagine 300 million people doing that then the whole intelligence system collapses.

At the beginning my system was only disclosing where I was with a photo. Then the project grew, I added my flight data, my bank records, my phone records.

Then I started to share every single detail. Food, beds I sleep in, toilets I used, etc. And the funny thing is that people started to get nervous, they were like "we don't need to know all this!" :) That is where I realized I was living an amazingly anonymous life. That data overload was in fact recreating my privacy. As you can not detach from Google search results, the only option you have is to flood the system, take power. You can not delete stuff, so bury it! My project - which started as an art experiment - turned at that point into an identity management mechanism.

What was the reaction of your friends and family?

First people would ask me to not stop at their houses. But as I value other peoples' privacy, I made sure nobody was recognizable on the pictures I was publishing. Today we are talking over the phone together. But I will only disclose I was on the phone, at that time, at this location. Not who I was talking to. What I do is store pointers to information, not necessarily the information itself.

What do you want to do with this project beyond protecting yourself?

I want to expose the weaknesses of current intelligence techniques. We are very good at gathering information, but very bad at analyzing it. This is a widespread problem for society and business in general - way beyond the borders of the intelligence community.

I also want to show that it is not about fearing big brother. You can turn back the lens. That is when things start to get really interesting.

Swiss Federal Supreme Court recently (Sept. 8, 2010) ruled against Logistep AG recognizing IP addresses as personal data, therefore subject to the Data Protection Act. This much awaited and internationally watched decision is a clear signal that companies or industry groups cannot mandate private companies to substitute themselves to justice by intimidating or acting as bounty hunters in our society.

The second important outcome of this decision is the recognition of IP addresses as being personal information falling under the Data Protection Act. This is a step forward in the protection of privacy and personal information increasingly being discussed around the world.
However, this should definitely not be interpreted as Switzerland being a piracy safe haven. Nor should it be considered to mean that pirating content is legal. It only recognizes this fundamental right to privacy in the digital realm and probably that copyright needs a major rethinking on a global scale (not in the traditional territorially based approaches (e.g., HADOPI in France), nor as highly controversial international treaties (e.g., ACTA).

At the end of the day and looking at the reactions of Logistep AG and other industry actors, it is sad to see that we’re still stuck in this old debate of an industry refusing to understand the world has changed, and consequently their business, looking at the issue as an opportunity rather than a threat. Dematerialized services are here to stay. We need to embrace this with the appropriate mindset allowing to accommodate all stakeholders. We have reached the limits of traditional legal approaches to such global issues. Join the conversation…

Jeff Jarvis follows up on privacy and on a 2009 post I wrote on the rebirth of privacy (part 1, part 2). He adds several great points to the discussion:

“Privacy was once free. Publicity was once ridiculously expensive.

“Now the opposite is true: You have to pay in a mix of cash, time, social capital, etc. if you want privacy.” [...]

Now let me make a caveat: privacy and publicness are neither mutually exclusive nor binary; they aren’t competitors at all times. So this is an oversimplification, which I’ll oversimplify even more:

Once-abundant privacy is now scarce. Once-scarce publicness is now abundant.

The New Economics of Privacy

This debate is far from closed, and we are considering reopening it at Lift11 despite the fact it was discussed in 2010. This is big, this is about all of us, this is still an open question:

• There is no consensus on what is acceptable in terms of disclosure in the public place.
• Awareness is still low on the dangers of sharing information with the wrong people
• Where are the legal texts governing what social networks can and can not do?
• How are we going to recreate the right to be forgiven and forgotten in the virtual world?

Should we talk about privacy again at Lift11?

When: Thursday May 6, 2010 , 18:00 (program begins at 18:30), cocktail 21:00
Location: Opposite Lift10 conference center : Conference Centre Varembé (CCV), 9-11 rue de Varembé, Geneva, Switzerland Map
Free registration required before Wednesday 5 here

Mobile Monday workshop at Lift10
Mobile Monday Switzerland workshop brings mobility right at the heart of the Lift10 conference and this year's topic "Connected People" is just the right one for mobile innovation. Come and discuss with us social and cultural success factors and the technology cocktail of smartphones, application stores. And enjoy drinks and cocktail with Lift and MoMo "mobile connected people". They will present their views on the following topics :

• Communities : how is Mobile Web 2.0 progressing and what are social / technical challenges ahead?
• Old new media : what is the role of mobile media and entertainment in this new media space and how will mobile engage people?
• Evolution of privacy : how much will people share location, phone contacts and real-time messages.

Format for this meeting: Short presentations by MoMo speakers from chapters worldwide, and a panel interaction. Full program here

Invited Speakers : Dan Appelquist, Sivakumar Kuppusamy, Monty Metzger, Katrin Verclas, Peter Vesterbacka, Jukka Kiiskinen and met our MoMo Switzerland team : Peter Angelos, Sid Arora, Claude Florin,Christine Perey, Nicolas Sierro.

Beside team communications, this blog features posts written by community members. If you have a Lift account you can also share your thoughts and ideas by clicking here. Here is food for thought about privacy and the internet of things shared by Italian ICT and privacy law expert Nicola Fabiano.

We are living in a globalized era and the fast process of technologies evolution modify our lifestyles. In fact, with reference to the Internet of Things (IOT hereafter), there are issues related to privacy, with security and responsibility.

IOT system leads to the transfer of information over the Internet, using for instance RFID technology. Personal Information may be transmitted only when the subject where is installed the microchip is linked to a person.

Obviously, there are two possibilities regarding the connection to the person: (1) We could have a direct link when the user is aware of the possible transmission of personal data and lend consent to this. (2) Alternatively, the connection may be indirect when the object is not linked explicitly with the user but only through the use of information that belong to the person. Imagine if the person buys a object with RFID or similar technology, but it isn’t linked to the object. In the purchase process, if the person can be identified through payment with credit cards or loyalty cards that indicate the type product purchased, you could have an indirect connections.

In fact, the person may have previously provided his or her consent for the dissemination of data relating to purchases (the simplest example concerns the supermarkets or big chains) for advertising purposes. In this way, a connection could be achieved with the indirect result of the person connecting to those purchased.

In terms of privacy, may a person be protected? Who manages personal data? Where will this data be stored? Hence the responsibility to set and adopt appropriate security measures. Regarding the legal framework, IoT hence generate a privacy system sui generis, because we will have a system with a sum of single privacy right. Which is why we should talk about privacies instead of privacy.

"NKM" is France's minister in charge of Forward Planning and the Development of the Digital Economy.

Recently I interviewed Nicolas Nova, editorial manager of LIFT, at the Mobile City Conference in Rotterdam, NL. The topics covered in this interview are: The future of education and learning, blended-learning, remote-accessed field trips, communication, collaboration, the changing roles of teachers & professors, surveillance, privacy and The Lift Conference. I was very impressed with Nicolas's reflections on the topics mentioned above and I make this interview available to the lift community in order to inspire thought and discussion on the topics Nicolas addresses.

An enhanced podcast can be obtained here: http://www.mamk.net/?p=727

After listening to Alexander Finger's presentation, entitled "Civil Rights 2.0 and what European Governments do to fight them" this morning, I had the feeling that the only way to preserve my privacy would be to withdraw completely from civilization and lock myself in a cave. His perspective on the way technologies can be used to collect information on us and our daily routines should be enough to raise the hair on the head of any citizen. Instead, not only does there seem to be no public debates on many practices of data collection and retention by authorities, but a large number of people seems to feel that it a lesser evil to preserve the physical safety of honorable citizen. I was already aware of the "big brother" issue, but I must say that the examples offered by Alexander Finger make it appear in a much more concrete light.

- A few years ago, an east-german journalist decided to run an inquiry on a child pornography website that was hosted on a server located in Philipines. He thus paid with his credit card to have a full access to the website and then went to the prosecutor to ask him to launch an investigation about the owners and "customers" of this website. The problem is that he was confronted with a crime, but no physical and identifiable suspects. The judge then asked the credit institutions to turn in informations about all the German cards holders who had performed online transactions of a certain amount during a specific time span. In the process, not only did the judge asked the banks to produce suspects, when one usually looks for suspects, but made hundreds of thousands, if not millions of people, potential criminals.

If something is to be remembered from the World Economic Forum 2008 edition it is probably the very candid comment made by the Wang Jianzhou, the CEO of the world’s largest mobile phone operator.

“We know who you are, but also where you are” was actually meant to convince the audience that China Mobile could use the personal data of its customers to sell advertising and services to them based on knowledge of where they were and what they were doing. Instead it turned into worries about the risk of passing over private information to Chinese authorities: with more than 370 million subscribers, China Mobile has a real-time ear and eye on 25% of the country’s citizens.

The outcry of congressman Markey (chairman of the US House of Representatives subcommittee on telecommunications) was even more surprising since most national security agencies have so-called signals intelligence collection and analysis networks (like Echelon or Onyx). That said most countries are supposed to have checks and controls in place to make sure that only court orders allow the government to check phone records.

Maybe time has come to look into more details at how the mobile phone is becoming a threat to privacy in all countries!

P.S.: It is quite revealing that the two operators invited to the World Economic Forum’s discussion on “The Future of Mobile Technology” were China Mobile and SK Telecom