Ethical Dilemmas in Privacy

Key concepts in this module: moral blind spot, ethical dilution, warrant canary, transparency report, oversight board

Why Protect Users You Disagree With?

“I disapprove of what you say, but I will defend to the death your right to say it” - Evelyn Beatrice Hall, 1906, illustrating Voltaire’s beliefs.

First they came for the Jews and I did not speak out because I was not a Jew.

Then they came for the Communists and I did not speak out because I was not a Communist.

Then they came for the trade unionists and I did not speak out because I was not a trade unionist.

Then they came for me and there was no one left to speak out for me.

Martin Niemöller

Why protect users you disagree with - even dislike? Well, one day your life might depend on someone you dislike protecting you.

  • moral circle expansion
  • for and against moral relativism - UTexas Ethics Unwrapped videos, Giving Voice to Values series, complement with Peter Singer’s Practical Ethics (argues against moral relativism)
  • moral blind spots - non-human rights
  • limitations of what content you can legally protect - content moderation, Section 230, copyright infringement etc. lots of potential changes with the UK Online Safety Bill and EU regulations.

Ethical Dilution

  • define what this is and how it happens
  • radical transparency - the more the better. if users think you’re heading in the wrong direction, they will (hopefully) tell you. but you can’t always rely on them to do this. what other ethical canaries or ethical red lines can you put in place internally?
  • independent oversight board
  • in-house ethics training for ALL employees: engineering, management, sales, marketing, technical support…
  • when expanding into (ethically) unknown markets - do a thorough ethical review of the country, particularly if selling your product to a government (or government-affiliated) entity. https://www.hrw.org/, Amnesty International. could your product be repurposed by bad actors for surveillance? even if you trust the customer, what is the insider threat potential?

Frameworks

“An authoritative list of the core internationally recognized human rights is contained in the International Bill of Human Rights (consisting of the Universal Declaration of Human Rights and the main instruments through which it has been codified: the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights), coupled with the principles concerning fundamental rights in the eight ILO core conventions as set out in the Declaration on Fundamental Principles and Rights at Work. These are the benchmarks against which other social actors assess the human rights impacts of business enterprises. The responsibility of business enterprises to respect human rights is distinct from issues of legal liability and enforcement, which remain defined largely by national law provisions in relevant jurisdictions. Depending on circumstances, business enterprises may need to consider additional standards. For instance, enterprises should respect the human rights of individuals belonging to specific groups or populations that require particular attention, where they may have adverse human rights impacts on them. In this connection, United Nations instruments have elaborated further on the rights of indigenous peoples; women; national or ethnic, religious and linguistic minorities; children; persons with disabilities; and migrant workers and their families. Moreover, in situations of armed conflict enterprises should respect the standards of international humanitarian law.”

How can we reason about hard ethical choices?

  • UNESCO “Tolerance: the threshold of peace” report could be helpful (downloaded 098178eng.pdf). https://www.unesco.org/en/promoting-tolerance-human-dignity-fundamental-human-rights
  • https://www.whitehouse.gov/wp-content/uploads/2022/04/Declaration-for-the-Future-for-the-Internet_Launch-Event-Signing-Version_FINAL.pdf - mentions UN Declaration of Human Rights
  • Internet Society Internet Impact Assessment
  • UN Guiding Principles on Business and Human Rights. define ethical red lines within the company. warrant canaries to the public could help keep you accountable. “31 principles implementing the United Nations’ (UN) “Protect, Respect and Remedy” framework”.
  • e.g. 3M say they support United Nations Global Compact, Universal Declaration of Human Rights, European Convention on Human Rights, United Nations Guiding Principles on Business and Human Rights, International Labor Organization’s Declaration on Fundamental Principles and Rights at Work, United Nations Convention Against Corruption. what about instruments that are legally binding on companies?

  • The Charter of Human Rights and Principles for the Internet

Content Moderation and Scanning

  • https://stratechery.com/2022/rights-laws-and-google/

Data Sovereignty and the Splinternet

TODO.

  • https://www.lawfareblog.com/two-new-bills-tiktok-and-beyond-data-act-and-restrict-act

Government Surveillance

“The public squares of Louisville and DC help us “see” the internet, as DeNardis describes it. Signals from cell towers, phones, and license-plate readers can be triangulated to identify all who gather in parks, whether to protest, picnic, or proselytize. Stingray devices intercept cell-phone location signals and transmit identifying information to police. Social-media histories can become profiling and facial-recognition data, the analysis of which can confirm who is where.”

  • Snowden leaks
  • PATRIOT, CLOUD acts and Section 702. a.k.a. why people are so suspicious of US data transfers. https://www.lawfareblog.com/lawfare-podcast-travis-leblanc-and-fisa-section-702
  • https://www.lawfareblog.com/buying-data-and-fourth-amendment
  • https://www.lawfareblog.com/business-knowing-private-market-data-and-contemporary-intelligence - govt buys location data
  • https://www.lawfareblog.com/cyberlaw-podcast-has-apple-opened-new-legal-front-against-fbi%E2%80%94without-telling-it
  • https://www.publicbooks.org/can-free-assembly-survive-the-internet/ - “The Internet in Everything” book
  • warrant canaries - Cloudflare define them as “statements of things we have never done as a company”
  • legal issues with warrant canaries…see Okta article
  • be transparent with your users about where the data is stored/processed and which govt regulations you are subject to
  • publish transparency reports, inform affected users if legal to do so. make sure you’re sufficiently legally informed that you can really follow the letter of the law and reject excessive requests
  • if you have the resources, fight back against govt gag orders like Microsoft has
  • implement all feasible technical measures to combat mass government surveillance (end-to-end encryption, avoid cross-border data flows, although of course there’s the lie re: internet routing)
  • https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru, https://twitter.com/WolfieChristl/status/1572682780781481985 has detail on Augury tool and previous leak, https://resources.sei.cmu.edu/news-events/events/flocon/program.cfm

Resources