New UN Privacy Chief Wants a ‘Geneva Convention’ for the Internet

Joe Cannataci (pictured above) is a Maltese professor of IT law, and the new United Nations special rapporteur on privacy. He wants a new ‘universal’ law on surveillance, and he wants to challenge the data-driven business models of large corporates, so he clearly does not lack ambition. But by announcing such ambitious goals just a few weeks into his three-year contract with the UN, is Cannataci also indicating he will rapidly turn into a bad joke?

There is no doubting the depth of Cannataci’s CV. He has been dealing with information risk since the 1980’s. He is a doctor of law and a fellow of the British Computer Society. He has the right intersection of academic skills to take on this difficult new mandate. But beyond that, it is not clear if Cannataci possesses the other skills needed. Passing a global law to stop the governments of China, the USA and Iran from spying on people might seem like a good idea… until you start asking who will enforce it, and how. The UN already says it is illegal for national governments to spy on it, but there is a Wikipedia page dedicated to all the countries that have been caught doing it. If the UN cannot enforce existing treaties designed to protect its own proceedings, you have to wonder who will enforce the ‘universal’ laws that Cannataci is calling for.

Just as Cannataci might not have the political skills needed, it is not obvious he will have the business skills either. The problem with privacy is that the technology to violate it is so widely distributed. To use an analogy, the nuclear non-proliferation treaty is hardly an astounding success, but the technology to make nuclear weapons is difficult to replicate. In contrast, the means to undermine privacy is now so widespread that every tenth employee carries the equivalent of a nuclear hand grenade in their pocket. Hacktivisim, corporate espionage, organized crime, unethical journalism, a shortage of security experts and ballooning complexity combine to generate a toxic brew for privacy. This makes it much easier for the naive to demand privacy than for corporates to guarantee it – especially if most customers do little to protect themselves and routinely favor convenience over security.

Ask customers of Ashley Madison, Carphone Warehouse, AT&T and many other corporations, and they will agree that something should be done, but none of them know what. If they say governments should pass a law, that misses the point entirely, and indicates a willful ignorance of the history of how we got to where we currently are. Governments have already passed plenty of laws. The problem is that few of these laws succeed. Society sometimes punishes people for the worst violations after the fact… if the perpetrators can be found, and they are not being protected by the government. But focusing on laws and punishment in this context is like instigating a ‘war’ on automobile theft whilst always leaving the keys in the car and the engine running… and whilst knowing that every car is designed so it can be made invisible and miniaturized so you can slide it inside your sock… and whilst knowing none of the cars have number plates, or chassis numbers.

For reasons that I struggle to understand, one of the first actions of Cannataci in his new role was to give an interview to the Guardian newspaper, and to appear like a total prat as a result. If you want to change the world, taking on the most evil and powerful forces in national governments and international business, why start by agreeing to have your photograph taken standing in front of a shabby desk featuring a dreary conference placard leaning against a bare wall? Cannataci should have put on a bloody suit and tried to look like a learned scholar with a proper job, not the head of some lame-ass micro-budget political campaign group. He is absolutely right to state that oversight of British surveillance is “a joke”, but it is also a joke to think that one man from the UN is going to persuade the recently re-elected British government to make substantive changes by using language like that. But most bizarre was Cannataci’s answer when asked why he does not possess a Twitter or a Facebook account.

Some people were complaining because they couldn’t find me on Facebook. They couldn’t find me on Twitter. But since I believe in privacy, I’ve never felt the need for it…

Any man who wants to persuade Presidents and CEOs to radically change their ways will have to be able to provide answers which are not such obvious bollocks. Cannataci has a LinkedIn profile, so it is hard to understand why he is happy for his ‘privacy’ to be undermined by that social network but not another. And networks like Twitter exist to allow people to publicly broadcast what they think. Only the foolish complain about their ‘privacy’ being violated on Twitter, when what they mean is they wrote something stupid in a public place but did not expect anyone else to notice. Not seeing the need to tweet is totally different from privacy questions raised by the use of Twitter, and nothing stops an intelligent and informed user choosing what they want to make public on a platform like that. Such basic confusions from Cannataci undermine the credibility that should follow decades of academic work.

And then he said this:

Because if you look at CCTV alone, at least Winston [Winston Smith in Orwell’s novel 1984] was able to go out in the countryside and go under a tree and expect there wouldn’t be any screen, as it was called. Whereas today there are many parts of the English countryside where there are more cameras than George Orwell could ever have imagined. So the situation in some cases is far worse already.

I go out in the English countryside all the time, and this is utter scaremongering nonsense. There are not ‘many parts’ of the English countryside with more cameras than Orwell ‘could have imagined’. And if there were, then they would be taking pictures of nothing much for very very long periods of time. There are some places with cameras, but as much as I abhor surveillance, I can empathize with why a farmer, or a church, would want to protect unsupervised property from theft or vandalism. And I probably walk through the most surveilled part of the countryside on a weekly basis, as my favorite route takes me throughchequers the grounds of the Primeminister’s country residence, Chequers (pictured). That particular segment of my route has plenty of signs telling me I am being watched and which laws I would be breaking if I deviated from the footpath. But instead of thinking this an Orwellian nightmare, I continue to be amazed that an ancient right of way has been preserved even though it allows everybody to walk within the security cordon for the British head of government!

As glad as I am to see the UN promoting the need for improved privacy and reduced surveillance, I suspect they have appointed a bit of clown, who will spend the next three years telling scary stories to slanted journalists looking for cheap headlines, whilst neglecting to raise public awareness via social media, and failing to connect with the politicians and businesspeople that he needs to influence. And he will bash easy targets in Western countries because he knows he will be ignored everywhere else. Keep in mind that Cannataci was the second choice for the job, and only got it because the first choice was unfairly criticized for being too pro-American. And worse still, Cannataci will waste time coming up with abstract and meaningless ideas like a ‘Geneva Convention for the internet’, when he should use proper research to come up with specific, realistic and concrete proposals for incremental change. After so many years working as an academic, he should be hitting the ground running with viable ways to take privacy forward around the world, not spouting piffle about cameras hidden in English trees. But if Cannataci continues as he has begun, he will only add to his lengthy resume without encouraging any useful change in the world.

If Cannataci’s Guardian interview is a sign of things to come, he will get what he deserves from big business: lip service, and nothing else. They will all sign his new Geneva Convention, after checking it was printed on soft absorbent three-ply tissue that will feel good when rubbed against their bum cheeks. That would be a shame, as many moral business people would genuinely prefer to see fair limits imposed on how data is processed, in order to protect ordinary people. The key is to devise limits that will be consistently imposed and followed in practice, without allowing lots of unpunished exceptions for naughty governments and unscrupulous businesses. I look forward to seeing if Cannataci has anything useful to say about that.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.