Pole Star: Human Rights in the Information Society

• Download PDF

"...every group that wishes to see conflicting interests resolved reasonably, or is wise about the conditions under which it enjoys its own freedom, must be profoundly concerned with the state of freedom of speech and assembly, freedom of inquiry and teaching, freedom of press and other forms of communication, freedom of cultural opportunity and development. For in large measure intelligent moral choice depends upon them."(12)

The Machine Stops: Dystopia

In the story, "The Machine Stops," E. M. Forster limned, almost 100 years ago, a dystopian picture of a global machine that provides for all human needs, the basic ones of food, warmth, and shelter, as well as the extras of entertainment and travel. People spend their entire lives in isolation, except that they must meet to mate for the purpose of reproduction. (Clearly, Forster's imagination did not contemplate the developments in the biological sciences that have come to pass.) Humans have become entirely dependent on the machine for the functioning of their critical infrastructure. The humans have also evolved socially in response to this environment, so that the notion of touching or being touched by another person is repellant. One young man challenges the machine and, predictably for the genre, meets with a bad end. The story ends tragically and, yet, in a hopeful way, with a few wise sufferers, who may be able to carry on human civilization. It is a cautionary tale of a global information system gone wrong.

What are the similarities and differences today? Each new utopian vision of our future, courtesy of information advances, is matched by a sombre notion of the possibilities at hand. From cries of alarm about nanobots overrunning the planet to those who celebrate thinking machines as our children and the next phase of human evolution, benign and malign options are imagined, encouraged by the flexibility of ICT.

The task is to articulate a framework for the information society, based on human rights, and to implement it, using all the available tools of law, technology, business practices and codes of conduct, standards and social norms to shape the society that we want.

Privacy: Under the Lens

Privacy includes protection of personally identifiable information and freedom from bodily intrusion. The UDHR, art. 12, provides that a person shall be free from "arbitrary interference with his privacy, family, home or correspondence." There are two international accords on privacy, the 1980 OECD Guidelines for the Protection of Privacy and Transborder Flows of Personal Data and the 1981 Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, which, together, have been adopted by approximately 50 countries. The regional and national legislation of many nations, including many Euro-pean countries, explicitly recognizes protection of privacy and personal data as a human right. Other countries, such as Brazil, also provide constitutional protections for privacy.(13)

Any discussion of privacy moves quickly to consideration of identity and community and the interplay between these two concepts. There are two senses of identity. First, there is having and maintaining human identity, individuality, selfhood, autonomy, integrity, and personality. This includes the self-conception of who one is, the communities to which one belongs, such as family, religion, and ethnic group, and one's relationship to these various communities. Secondly, there is identity in the sense of being identified, the extent of identification, the manner of identification, whether by an external token, such as a card or password, or by an intrinsic token, such as a biometric(14) or behavioural characteristic, the purpose of identification, and when and under what circumstances identification is made, including the choice to be non-identifiable or not to be identified.

For each interaction, the person may or may not be identified. The choices to be non-identifiable or not to be identified may take many forms. The interaction may be pseudonymous or anonymous. The spectrum of identifiability from identified to anonymity is a broad, largely unexplored and untapped domain. It includes such categories as pseudonymity, member of the group, and authorized user. Information systems have been largely set up with identifiability as the default. There is no technological imperative for this arrangement. It is a legacy of earlier days when the information systems were relatively closed research networks. The identifiability structures have been carried over through the transition from a research tool, used by a few, to a global mass medium that may contain and communicate information about every person and of which every person is a potential user. As the global network of networks expands, it has been tipped toward identifiability. It is important to think rigorously about the levels of identifiability required for various activities in the information society and the burdens that the requirements impose. Researchers(15) have articulated the concept of the one-way ratchet for on-line identifiability. The goal is to employ the lowest level of identifiability for each transaction because, once a certain level of identity has been attached to information, it cannot be reduced, stripped away or peeled off easily.

Identifiability may be accomplished by attaching a person's name, which is the common way to think about identifiability. But, there is also lots of other personally identifiable information (PII), such as identity card and social security numbers, telephone numbers and medical records, which may, singly or in combination, identify a person just as surely as or better than by name. Other personally identifiable information includes behavioural and biometric identifiers, such as fingerprints, gait, iris pattern, retina pattern, hand geometry, and DNA.(16) Where is non-identifiability sufficient? If it is not, does non-identifiable authentication suffice? Even in the physical world, identifiability has often been used in situations where non-identifiable authentication would be adequate. In addition to raising privacy concerns, overuse of identifiability may also create security problems. It may lead to large databases of personal identifiers, which may be attractive targets for identity theft, fraud and other crimes. It also imposes additional expenses, in the form of administrative, management, and equipment burdens, through the requirements that the parties that hold this personal information maintain its confidentiality, accuracy and integrity.

Surveillance has exploded, facilitated by advances in information processing, storage, miniaturization, and network bandwidth.

Currently, the average person in the United Kingdom is caught on closed circuit television (CCTV) 300 times each day.

This example starkly raises the question of proportionality. What is the standard for generally placing a population under surveillance? Are previously accepted standards, such as reasonableness, imminent harm, and other legal and cultural norms, being followed, ignored or discarded? The risk, if these technologies are deployed to take ever greater note of us, is that the fundamental principle that a person is presumed innocent until proved guilty, a human right and central tenet of legal systems, will be inverted, so that all of us will have become suspects.

The surveillance is not merely limited to following someone's movements in public places. Locational technologies, such as the global positioning system (GPS),(17) which are being installed in all sorts of devices, provide a means to determine a person's location and to monitor their movements. Satellites are able to record images on Earth at one-metre resolution.

Video cameras, audio recorders, and sensors are being commercialized and deployed to capture and analyze faces, gait, sweat, pulse, and eye movements. IBM's Blue Eyes tracks the movements of a person's eyes to capture both the purposeful looks that she directs at the world about her as well as unconscious glances of which she herself may be unaware.

In the research stage is the Galvactivator,(18) which is able, through measuring skin conductivity, to assess an individual's state of arousal and convey it to third parties.

The most invasive proposals or measures are often made first or early for vulnerable populations, such as children and Alzheimer's patients, for populations in custodial settings, including students, group homes for the mentally ill, and persons with physical limitations, and for populations with diminished rights, such as soldiers, prisoners and inmates in juvenile detention and correctional facilities. Recent examples include calls for DNA databases, which were often first proposed for convicted criminals, for widening segments of the population and the requirement of biometric identifiers to receive social services, such as health and welfare benefits. In addition, it would be useful to study the relationship of privacy and poverty, to look for correlation between income level and the availability or lack of privacy protection. Particular care and attention must be given to guarding the rights of those with less voice in society. Perhaps most sinister is the fact that many of these proposals fly under the banner of protecting the very people whose rights they diminish.

Initially, the thought that non-human elements, with their own computing and communication capacity, might reside within the human body may seem somewhat startling. Furthermore, it may appear at first blush that, although they are on or in the body, like a hearing aid or a pacemaker, they are not part of the human body. Yet, all humans have intestinal flora, which most people, without too much thought, consider part of their human bodies. If someone ingests biological computing devices that will remain temporarily in the body for a treatment or will reside in the body, who owns and controls the device and the information that it generates?

There are many examples of wearables, ingestibles, and injectibles, with beneficial and detrimental outcomes. Diabetes treatment, which formerly required shots of insulin several times each day, is being improved through the use of a wristband that monitors insulin level and administers insulin through the skin in more precise doses, as needed. The use of ingestibles will grow. Indeed, as more nutritional and medicinal elements are added to food and targeted to specific demographic groups, such as children, the elderly, and ethnic groups with dispositions to particular diseases, the Food and Drug Administration of the United States and its counterparts in other countries will be called upon to address the question of what constitutes a food.

Security: Protecting Individuals and Society and Conquering Chimera

"AIR WAR WON," blared the banner headline in the October 10, 2001, edition of the Boston Herald. The United States had engaged in aerial attacks on Afghanistan, a country that the Clinton administration contemplated "bombing up to the Stone Age." The might of the American military, including its commanding air resources, had managed to crush the puny air resistance in Afghanistan. Although the message was clearly intended to soothe a troubled population, by assuring them that matters were well in hand, these reassurances provided a false sense of security, as they disturbingly celebrated victories over phantom problems. The detour distracts attention from the real threats.

Security of the ubiquitous information environment consists of providing for the confidentiality, integrity, and availability of information and communication systems, including the data and information in them. Information and communication systems, including the global network of networks, are not static. Rather, they are dynamic and change over time. Similarly, the state of protection of critical infrastructures is never achieved. It is an ongoing process. Moreover, critical infrastructure protection involves a learning adversary, other human beings. This is in contrast to other areas of engineering, for example the civil engineering task of designing a bridge.

The world is increasingly dependent on a global network of networks that is increasingly vulnerable.(19) The ubiquitous information environment will require survivability and, if not sufficiently protected, will be vulnerable to cascading effects from security failures, the magnitude and consequences of which are not at all well understood. The goal of security of information systems is to protect individuals and society.

The security of information systems is hampered by the absence of some basic elements. First, there is a deficit of data about threats and breaches to information systems. Secondly, software producers have been permitted to introduce into the market software that is of inferior quality or insufficiently tested. This acceptance of buggy software is largely due to a combination of the intensity of technology cycles and competition, governmental acquiescence, and consumer inexperience with the technology. The leniency granted to software producers contrasts sharply with the requirements of product testing and standards, warranties, and consumer protection for other goods and services. It is, moreover, unjustified. The incentive structure to market higher quality software is essentially absent. Software producers have been given a free pass, in the sense of the paucity of liability for losses from software glitches and failures.(20) The insurance industry is finally maturing in this area and better appreciates the risks and is, as a result, imposing insurance requirements related to information systems. Measures by the insurance industry may also eventually stimulate more governmental action.

The UDHR, art. 3, provides that everyone has the right to security of person. The OECD Guidelines for the Security of Information Systems, which were adopted in 1992 by all the OECD member countries, contain the Democracy Principle and the Ethics Principle. The Democracy Principle provides that "the security of information systems should be compatible with the legitimate use and flow of data and information in a democratic society." The Ethics Principles states, "Information systems and the security of information systems should be provided and used in such a manner that the rights and legitimate interests of others are respected." Interestingly, following the terrorist attack on New York in 2001 and at the lead of the United States, these two principles were eviscerated in the 2002 redraft. They now read, respectively, "The security of information systems and networks should be compatible with essential values of a democratic society," and "Participants should respect the legitimate interests of others."

Where do security threats and breaches come from and how do we react to them, while at the same time upholding human rights and civil liberties? The 2001 Council of Europe Cybercrime Convention and the Patriot Act of the United States are recent examples that, in the name of security, diminish rights. The unlikely Terrifying Troika of drug dealers, pedophiles, and money launderers, joined more recently by the cloud of the everlasting war on terrorism, is invoked in the most unlikely places as justification for measures that masquerade as security, while they steal our liberties.

It is axiomatic that privacy and security are compatible and can be mutually reinforcing.(21)

For example, protecting personal information in the global networks in accordance with data protection laws will enhance the security of information systems.

Freedom of Movement

Freedom of movement (UDHR, art. 13) is most often conceived as movement in physical space. The information society adds the additional issue of freedom of movement in cyberspace. The surveillance and use of locational technologies described above go directly to the question of freedom of movement. In addition to increasing watch over a person's movements in physical space, it is simple to monitor an individual's activities in cyberspace. Email is easy to read. Records are kept of websites visited, including the order and succession of websites viewed, down to the amount of time a person's mouse hovers over a part of a page of a website. In many countries, this information may be matched, mined, sold, and aggregated. As more and more of a person's interactions occur online, it is increasingly simple to monitor their movements, thereby making it easier, for those who might wish to do so, to restrict them.

Freedom of Association

Freedom of association (UDHR, art. 20) involves the interaction of an individual with another individual or individuals or a community. Meetings may occur for any reason, political, religious, or social, for instance. This value is important because it is the means by which much of the work of the world gets done. Political discourse and spiritual worship both often have important aspects of association. As with freedom of movement, it is important to take account of the aspects in both the physical world and cyberspace. The same surveillance and locational technologies that might be used to follow one person's movements can be easily applied to monitor many individuals or groups. This could have a significant chilling effect on discourse. Similarly, in cyberspace, if individuals participate in chat rooms or web gatherings, it would be possible to monitor them or restrict their capacity to do so.

Access to Technology: Down to the Wire

For the bulk of the population of the planet, billions of people, their first exposure to the ubiquitous information environment will not be like the developed country experience of the late twentieth century. It will not be through a personal computer, sitting on a desk, that an individual interacts with on a discrete basis for several hours a day at work or school. In service of this vision, politicians in developed countries rolled up their sleeves and plugged in boxes and strung wires, which, while excellent politicking grist, did little for the information society. Instead of the box on the desk, most people in developing countries will reach for a cheap hand-held device. This information appliance will be tiny, perhaps the size of a key ring. It will be manufactured in a developing country, but the underlying technology will most likely be owned by a company in a developed nation. There will be, either legally through intellectual property licenses or illegally by piracy, local adaptations of the device to fit local needs. At command, torrents of information will surge from the device. The question will not be whether people can get the box or the information. The challenge, far more difficult than device or data, will be how, for billions of people, to inculcate the skills to enable people to find the information that is useful to them, to absorb it, and to adapt it to their own lives and needs.

Lest the reader grow too sanguine, the preceding paragraph should not be read to imply that there are no issues of access to technology and information. Rather, it is intended to emphasize that the developed country models for early ICT diffusion will most likely not be the means of ICT uptake for the rest of the world. As we grapple with the daunting prospect of providing meaningful access to technology and information more broadly throughout the world, it would be unfortunate to plan and execute on the basis of early, outdated models.

There are many alternative and creative ways to provide access to technology and information. We are still in the early days of discovering and disseminating them.

In India, for example, approximately one-third of Internet use occurs at cybercafes, which have proved to be popular hubs and gathering places for information access and exchange. This Indian pattern of use may influence broadband deployment in that country.

In Sri Lanka, smart buses, equipped with technology and Internet access, head for remote villages. Local residents are trained beforehand and serve as teachers to their neighbours in the local community. Malaysia has many rivers, which serve as important travel and communication arteries. Adapting the smart bus concept to local conditions, Malaysia has conceived of smart boats, which will ply the rivers, bringing information, connectivity, and training to people throughout the country. It is important to take advantage of existing physical infrastructure and strong local presence in the community. Post offices, libraries, and schools may be available in many communities. The latter two locations may have personnel with specialized training that is particularly useful for the information society. Canada's Community Access Program is a stunning example of a quick, low-cost, inclusive, and successful initiative to provide access to technology and information.(22)

The initial consideration for access to technology and information is availability of the technological infrastructure. The infrastructure may be telephone landlines, wireless, satellite, cable, fibre-optic and combi-nations of these elements. Each of these technologies has certain advantages and limitations. Satellite is able to provide wide geographic coverage. It is well suited to data communication, but latency problems make it undesirable today for voice communications. Telephone lines differ in age, which may affect availability or quality of some information services. Some in the United States are 70 years old, while in Korea many are relatively new. Cable is widely used in North America for access to information, but in most of the world, cable penetration is very low and the economics of cable, compared to other potential communication media, will probably not justify its installation.

Interestingly, the challenges of providing virtual, real-time, always-on access to information are embedded in basic physical considerations of geography, climate, and demographics. Research and deployment already underway in developed countries may provide useful lessons for developing countries. Canada well illustrates this point. Geographically, Canada is the second largest nation on earth. Notwithstanding this huge landmass, 90 percent of the population lives in a long, relatively narrow, 5,000 kilometre ribbon that stretches along Canada's border with the United States. In Canada are found some of the most remote regions and harshest climate in the world. Canada has long had a strong social commitment to serve its entire population and strives to overcome the environmental rigours to do so. Close analysis of these physical factors is essential. There are physical environments, for example, in which wireless communication may be more robust than landlines.

In many countries, such as the United States, flat-rate subscriber charges have helped stimulate demand for and uptake of Internet services. In many places, high charges for access suppress demand. Indeed, flat-rate pricing may be one of the most important factors for encouraging greater information access, since it allows users to spend time online, experi-menting and educating themselves. Yet, governments are reluctant to change the pricing structures, for fear of undermining their sources of revenue. This hesitation is exacerbated by the fact that, due to growth in Internet use, many countries are already experiencing declines in long-distance voice telephony revenue, which slow or halt investment in advanced infrastructure.

Freedom of Expression and Access to Information

The UDHR, art. 19, provides that "everyone has the right to freedom of _ expression," specifically including the "right _ to seek, receive and impart information and ideas through any media and regardless of frontiers." The concept of freedom of expression has a vast literature of its own. Freedom of expression includes the notion of a hierarchy of speech, with political discourse being accorded some of the greatest protection and commercial speech, such as advertising, ranking lower.

The challenge in the information society is to secure this right for all people. Unfortunately, this right is often honoured in the breach. Some governments restrict freedom of expression by means of technological measures and laws. Access to the physical infrastructure is denied, severely limited, or monitored. Information is deemed objectionable on the grounds that it is political, blasphemous, hate speech, or pornography. The number of Internet service providers (ISPs) may be limited, sometimes to one government-sanctioned provider. Saudi Arabia, for example, employs an Internet filter at the country level. It attempts to sift all Internet traffic entering the kingdom by having the King Abdul Aziz City for Science and Technology filter all content deemed objectionable, including that related to sex and gambling and information that is contradictory to Islam and the traditions of Saudi Arabia. China's moves to block access to certain websites has even earned the sobriquet, "The Great Firewall of China." Internet service providers are subject to controls, harassment or burdensome data requests. The information, communications and computers of human rights activists are seized by authoritarian governments. People have suffered arrest and incarceration for posting webpages, sending email, participating in chat rooms, and visiting websites. China sentenced two men to prison terms of 10 years for subverting state power by posting essays on the Internet. In Tunisia, a man received a two-year prison sentence for false information and stealing Internet services. He published, without the authorization of the Tunisian government and using a computer at a cybercafe, for which he bartered his services, a website, based in France, that provided information and views on politics in Tunisia.

The phrase "access to information" has been around for a long time and has become very politicized. What does it mean to have access to information, what information, when and how? Economics, law, freedom of expression, civic participation, and the function of democracies are all implicated, as well as the dark, flip side of censorship.

Open Government, Access to Government Information, and Freedom of Information

Freedom of information involves the ability to obtain information about governmental documents and activities, an important tool for government oversight and participation in a democratic political system. Indeed, a vital element of the construct of democracy is the duty of the citizen to monitor the activities of her government. In an increasingly information-intensive society, access to governmental information is essential. Many national and sub-national governments have adopted legislation to protect freedom of information. There is a current, unprecedented, global trend toward the adoption of freedom of information (FOI) legislation.(23)

Approximately 50 countries now have freedom of information laws, while another 30 nations have efforts pending. But, it is a new area for many nations, which would benefit from the availability of guidance and training in drafting and implementing freedom of information legislation. Ominously, states sometimes enact laws labeled "freedom of information," which are actually tools for censorship.

Intellectual Property Protection and Use

Access to technology and information is closely linked to protection of intellectual property. Interestingly, this relationship is used to make the arguments both for maintaining current rules to protect intellectual property and even to strengthen them, as well as for justifying the diminution or abolition of intellectual property protections. The UDHR, art. 27, provides for the right of an author to protect moral and material interests resulting from scientific, literary and artistic productions. The right stated in the UDHR is echoed in other international instruments, national constitutions, and legislation. All capture the basic notion of intellectual property protection, which is to grant to authors limited monopolies in their productions, for the purposes of encouraging innovation and making the fruits of innovation available to others. Rules governing intellectual property rights protect an author's rights in her scientific, literary and artistic productions. Alternatively, an author may relinquish her claim to the work and place it in the public domain, where it is freely available for use by all. In addition, there are vast quantities of data and information to which it is not possible to extend intellectual property protection. Just as the ubiquitous information environment is an extensible resource, the amount of intellectual property that can be created in the world is limited only by human ingenuity and effort.

The continuing increases in information processing, storage, and transmission capacities change the cost structures and economics of information dramatically. Use of information differs in many ways from the use of other goods and services, most simply in that, generally, consumption of information by one does not preclude its use by others.

Moreover, it may be desirable to encourage people to consume ever more information, for their own personal development and for the benefits that the economy and society will reap from more educated and informed participants.

The economics of information is little understood and requires further study. In addition, economists have been developing theories that better include and address social goals, such as environmental protection and labour standards, including child labour norms. It would be helpful also to encourage more study of the economics of the information society, including access to information.

As ICT have developed and the information society has begun to emerge, there has been a large amount of activity with regard to intellectual property protection in the form of international accords, regional and national legislation, competition policy investigations, and the search for new technological and business models, such as digital rights management. Intellectual property protection of software has generated much controversy, exacerbated by Microsoft's huge market share.(24) The fervour of the debate and the wide range of participants indicate the level of uncertainty and the perception of the stakes. The Chairman of the United States Federal Reserve, Alan Greenspan, wondered, "How appropriate is our current [intellectual property protection] system - developed for a world in which physical assets predominated - for an economy in which value increasingly is embodied in ideas rather than tangible capital?" and, moreover, "Are the protections sufficiently broad to encourage innovation but not so broad as to shut down follow-on innovation?"(25) Others advocate the preservation and creation of the information commons(26) to ensure access to information. Human rights activists maintain that the right to development and other human rights are thwarted by the costs of information and communications technologies, which are so expensive that they are inaccessible in many developing countries. Further, human rights workers assert that free software is essential to human rights, in order to assure that the control of their information remains with them, thereby preserving the necessary independence to permit them to protect lives and to carry out their work in the face of pressure and threats from repressive and hostile regimes.(27)

The step that would make the biggest sea change tomorrow in intellectual property protection and access to information would be for governments to put the works that they produce into the public domain.

Some nations, such as the United States, already follow this rule. There would be two immediate benefits. First, large quantities of information would become freely available, increasing access to information. Govern-ments, by and large, produce political, social services, economic, and research information, in other words, the types of information that people need for carrying out their lives, helping others, and bettering their own situations. Secondly, governments, by placing their large thumbs firmly on the side of the scale tipped toward more access to information, would reframe the debate and send a strong signal to other content providers.

The challenge of equity, as reflected in the digital divide, consists of the issues of infrastructure, information, education and critical thinking skills. Access to technology and information is most often framed as a North-South issue. This emphasis is valid, but may sometimes obscure an important source of insight and practical measures. Within developed countries, there may be significant differences of access between urban areas and the rural and remote regions and between affluent and poor areas. As governments and the private sector in developed nations grapple with issues of access, which, given economic and political realities, they may be the first to do so, there will likely be many instructive lessons for developing countries.

Right to Education

Far more complex than the provision of technological infrastructure is the availability of education that will give people the literacy and critical thinking skills to navigate the sea of information, to absorb the information, and to be able to adapt it to their own lives.

Nearly one billion adults are illiterate. Two-thirds of them are women. Hundreds of millions of children are illiterate, 100 million of whom have no access to a school.(28)

In furtherance of the human right to education (UDHR, art. 26), the United Nations proclaimed the period 2003-2012 the United Nations Literacy Decade, with the goal to halve adult illiteracy by 2015.

The information society will both require and facilitate the education of the people of the world. While the information society increases the need for literacy for participation in the job market, it also, with ICT as a key enabler, provides the means to ensure quality education to a larger proportion of the population than ever before in the history of the world. Education can serve as a powerful lever to reduce poverty. This exciting prospect will not only increase chances for more remunerative and fulfilling employment, but it will also facilitate fuller participation in political discourse and social and cultural life.

Your Email :
To Email :