[As presented today at the Space Serving Humanity seminar, London Institute of Space Policy and Law and the UCL Space Domain]
Technology moves very fast, sociology moves relatively slowly, and therefore it takes time to establish which questions are the most important to be answered in this era of change. Big Data and their relationship with privacy are particularly interesting questions for us at the moment, so I am delighted to be given the opportunity to apply this to the issue of Space.
When we talk about scientific developments relation to Space, there are some significant elephants in the room if we start to consider the impact on society of the frequent and varied changes that are taking place in the wider environment around us. These include three major questions that verge on the philosophical, and sometimes the political, which can be uncomfortable to think about, and involve holding multiple, often conflicting ideas in the head at the same time.
QUESTION ONE – HOW NECESSARY OR DESIRABLE IS OWNERSHIP?
One form of privacy is territorial privacy, the limits of other people’s rights in a physical space. In many instances this territorial privacy is intrinsically linked to ownership rights. This might be limits to access to property or even its image, for example the prohibition on taking photographs of public buildings or airports in some countries. At its simplest level it can be seen in personal ownership. I own the house I live in, for example. We are used to land (and housing) being privately owned and we routinely take this for granted (I would be very unhappy if someone took my house away!) Yet if we are brutally honest, it may not be in the long-term interests of mankind’s survival to carry on in this way. We now have a new domain up for grabs. Can or should Space effectively be privatised (or at least the right to exploit its affordances)? Or should such rights become apportioned to certain nation states? If so, how do we decide which ones, and on what basis? Can territorial privacy exist in space?
Perhaps in view of such questions, the nation state is now potentially becoming redundant. Regardless of the existence of nation states, we are currently extending the scope and remit of existing economic and social advantage, only this time on a much larger scale. In the case of Space, multi-satellite constellations might give us Big Data but even if we can usefully analyse and deploy that data moving forwards, who is deciding which data matter, and which should be privileged? As researchers frequently point out, if you put junk algorithms in, you get junk data out. Meanwhile it may be that the same small groups are repeatedly disadvantaged by multiple developments in this area, perpetually dismissed because they only form 1% of the population each time. Why is that OK? Globally this may be 70 million people we are talking about, a larger population than that of the UK. For more on why the algorithmic bias is a problem, see the work of the Unbias project team at Oxford and Nottingham. http://unbias.wp.horizon.ac.uk
Perhaps it is all too complicated. Our future may lie not in the nation state but in the hands of large supranational corporations – the Facebooks and Alphabets of this world – in a way that some might describe as undemocratic. This may be the case, but equally perhaps there is scope for new forms of democracy that embrace such things. Perhaps there will be ways to make this work that don’t disadvantage huge swathes of the global population. However we’re not there now. At the moment things are rather imbalanced (balance being an issue I will come back to later).
QUESTION TWO – IS NARCISSISM/EGOCENTRISM AN INTRINSIC PROBLEM IN TECH DEVELOPMENT?
Is the development of new technology frequently at root a narcissistic act? We talk about progress, opportunity and economic growth, but we don’t have many discussions about why we privilege the ‘shock of the new’ sometimes at the expense of the stability of the old. Rarely does anyone get applauded in the tech world for saying something clever is a liability or a waste of time. But you do get applauded for monetising things, and leveraging investment, even if there’s a case for arguing that monetising them brings about social damage (for example predatory venture capitalists buying up rights without those who may lose rights having any agency at all). Concern about this may be why there’s a current move to think through the implications of Big Data more deeply, particularly as we move to an era of artificial intelligence, where mistakes could potentially be scaled significantly and much more damaging.
The desire to control is at the heart of egocentrism and in this circumstance that means the desire to control data, other people’s data. Big data can be made privacy friendly, but it’s not necessarily the normal social starting point.
QUESTION THREE – WHAT DO WE CONSIDER TO BE SURVEILLANCE?
One person’s monitoring is another person’s prurient interest. Trying to work out where the line is between them is often rather fraught. This may not matter a great deal if a company is trying to find out what music you like, but it matters a lot more if they are looking at your house from above with a view to finding out what you are doing with your legally-enshrined water rights, or tracking you systematically across your natural roaming area just because they can, as though you were a wildebeest in some sort of natural history research project. In this way, space assets may help bring about security, for example, by ensuring that you are evacuated before natural disasters hit or war becomes a problem. Indeed in one African country without much in the way of Privacy legislation they were able to save thousands of lives by drawing on geographical and highly personal health data, and rerouting ambulances more appropriately, for example.
But the flip side to that is how we define security. When does security become unwelcome surveillance? And when does it become oppression? I happen to be a member of the Privacy Expert Group of the Biometrics Institute, an industry body, and we spend a lot of time debating similar questions. We recently concluded that it’s clear there needs to be a ‘naughty government check’ in relation to any surveillance technologies, to avoid an exaggerated form of East German population surveillance (amongst other countries) but deciding what form that should take is complicated and difficult.
The International Association of Privacy Professionals have a check they use for testing the legitimacy of monitoring and I think its sobering to apply it to monitoring conducted from space.
Necessity, does the objective, whatever it is, need to be achieved through monitoring? Could you do it in a less obtrusive way? Legitimacy. Have you got legal grounds for doing the monitoring? Proportionality. Given the objective is the monitoring intrusion proportionate to the outcome? And finally transparency. Do the people being monitored know about it and the objective behind it?
When you apply this test to the space based collection of data you immediately run into a number of issues. Who is deciding the objective? Normally the client, the state or corporate player, perfectly reasonably, they’re paying. But should they then be the people to conduct the tests? Necessity? Legitimacy? And proportionality? Perhaps it should be the nation state, through the mechanism of international law? Or supra-national bodies? Even when you got that sorted, how do you provide transparency to people on the ground who have no idea about the satellite observing them? I would contend this one test exemplifies much of the world of data, big data and Privacy
- privacy v security,
- privacy v freedom of expression & information,
- often individual rights v collective rights
We are constantly balancing competing rights. It is basically the benefits to society and the profits to corporations of the use of big data versus the inherent intrusion into our personal space and lives.
But this is not new. The OECD Guidelines governing the protection of privacy and transborder flows of personal data were written in 1980 and were brought about in the aftermath of the 1967 Space Treaty. They recognised that new forms of international co-operation and compatible approaches were going to be necessary. We find some issues embedded within this document that link to the three big questions I raised earlier. (Words in italics are quoted from the Guidelines).
- Collection limitation
‘There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject’.
Who can set limits on the data collected and who will define proportionate use?
- Data Quality
‘Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date’.
Whose definition of data quality should be used?
- Purpose Specification
‘The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose’.
Who can check whether the use is properly specified or that specified purpose followed?
- Use limitation
‘Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except a) with the consent of the data subject; or b) by the authority of law’.
How can the use be controlled? – International treaties?
- Security safeguards
‘Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data’.
With state actors some of the major players in international hacking, how will this be enforced?
‘There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller’.
How can you have transparency from a satellite miles from above earth?
- Individual Participation
‘An individual should have the right a) to obtain…confirmation of whether or not the data controller has data relating to him; b) to have communicated to him, data relating to him i) within a reasonable time; ii) at a charge, if any, that is not excessive; iii) in a reasonable manner; and iv) in a form that is readily intelligible to him; c) to be given reasons if a request made…is denied, and to be able to challenge such denial; and d) to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended’.
How can you have data subject rights e.g. access to one’s own data from the same satellite, when you don’t know it exists or who controls it?
‘A data controller should be accountable for complying with measures which give effect to the principles stated above’.
With international operations and control who will have regulatory authority to hold the controlling organisation to account?
So in the age of Big Data, the inherent balances required in Data protection and Privacy law have become more complicated through the spread of multinational and supranational organisations. In this case we have a new dichotomy:
State actors v Multi-national organisations or corporations
This dichotomy doesn’t just arise in Privacy, of course. We can see the same issues in the challenges individual countries’ treasuries are having in collecting taxes from the multi-nationals operating within their borders. If companies are beyond the control of any individual state, are the extant mechanisms of international law sufficient? And can enforcement mechanisms, which still primarily rely on the nation state, remain sufficient?
So, to conclude, as the technology of space and the capability of big data increases, in both developmental speed and reach, can the legislative and sociological counterbalances keep pace?
There won’t be a magic bullet in this space, excuse the pun. There won’t be a single answer to how we should balance the rights of the individual, the corporation, the state and the multiple other payers. There isn’t on earth, so we shouldn’t expect one in space. However on earth we are at least clear who is doing the balancing and who are the regulatory referees we can call on if we don’t like the conclusion. Perhaps the first question should not be what is the balance of privacy rights in space, but who should be judging the balance and who should check they’ve got it right?