What Decolonising Digital Rights Looks Like

By Aurum Linh, 6th April 2020

Decolonisation is core to all of our work as NGOs and non-profits. We are striving to create a future that is equitable and just. To do that, we need to dismantle the systems of racism, anti-blackness, and colonisation embedded in every aspect of our society.

This is a particularly urgent conversation to have in the digital rights field, given the belief that technology will liberate us from these biases. In reality, we can see that it is deepening these divides and automating these systems of oppression.

We can’t decolonise something if we don’t know what colonisation is. In per TEDx talk, “Pedagogy of the Decolonizing”, Quetzala Carson explains what colonisation is and how deeply it is embedded in nearly every aspect of our lives: “Colonisation is when a small group of people impose their own practices, norms and values. They take away resources and capacity from indigineous people, often through extreme violence and trauma.”

Quetzala goes on to explain that colonisers also bring their axiology, which is how things are quantified and how value and worth are prescribed to things. They impose their assessment of the value of the people, resources and land that become embedded in the institution that then creates the nation-state in settler colonialism. All of the established laws, policies, institutions, and governance structures are based on those beliefs that were brought upon contact.

They impose their assessment of the value of the people, resources and land that become embedded in the institution

How we conceive and transfer knowledge, as well as what knowledge we see as credible and valid (known as epistemology) are also based on these colonial beliefs. How we exist within these structures and how we interpret reality (known as ontology) is deeply influenced by colonisation as well. Axiology, epistemology, and ontology all come together for the state to create a narrative – to create how “normal” is defined.

This is why it’s so uncomfortable and painful to have these conversations – because these structures and beliefs have been embedded in our own hearts and minds. To have these beliefs challenged feels like an attack on our own being, but we have to remember that these beliefs were taught to us and are deeply embedded within us by design. 

Nikki Sanchez, an indigenous scholar, recommends that decolonisation is giving up social and economic power that disempowers, appropriates, and invisibilises others; dismantling racist and anti-black structures; dismantling the patriarchy; finding out how you benefit from the history of colonisation and activating strategies that allow you to use your privilege to dismantle that; and building and joining communities that work together to build more equitable and sustainable futures.

Decolonising must first happen within ourselves – decolonising our own hearts and minds

Decolonising must first happen within ourselves – decolonising our own hearts and minds. It is necessary to both actively combat and resist systems of oppression on the outside, but also within ourselves.

DFF held a strategy meeting in February of this year and there were two sessions on decolonisation (one of which I facilitated) that resulted in the following strategies being shared:

  • Unlearn and re-educate yourself.
  • Acknowledge your privilege and use it to dismantle the system from that position of power within the system.
  • Actively start conversations with people about privilege, decolonisation and anti-racist work.

At the organisational level, how can you give people tools to reflect and engage with this concept in a meaningful and critical way? How might we make it part of the culture of the organisation itself, embedded within every aspect of the organisation, as opposed to something that is considered an add-on or nice-to-have? How can decolonisation be the flour (vital to the recipe), and not the icing (an add-on)?

Culture is cultivated. Participants at the strategy meeting brainstormed a number of practical steps that could be taken at the organisational level to cultivate their decolonised culture. Some examples of the organisational measures suggested include:

  • Create a common language around decolonisation, and make publicly questioning the influence of biases and privilege part of your organisational culture.
  • Remember that this work is more than just hiring people of colour (PoC) and significant work is required of a mainly white organisation before bringing in someone of colour. Otherwise it could put that person in a position of having to educate others and endure traumatic conversations.
  • Learn what white fragility is, and be aware and conscious of when white fragility is arising in conversations.
  • Ask yourselves “are we the right people to be doing this work?” and “are we taking resources from other people or organisations that have been doing this work?”
  • Only put the necessary qualifications on job descriptions – women and PoC are less likely to apply to jobs if they don’t meet every qualification listed. Be conscious of this.
  • If no one on your team is part of the marginalised community you are working to protect, acknowledge that your organisation is coming from a place of allyship. Do not act like stakeholders when you are not part of the community that you are trying to protect and ask yourselves (again) “are we the right people to be doing this work?” and “how can we provide resources to the community members who are doing this work?”
  • Recognise your blind spots on issues of power asymmetries both within and between private and state actors.
  • Pay a liveable salary – people are often financially responsible for others (their parents, siblings, etc.) and can’t afford to live on a low income.
  • Avoid tokenism. Does everyone truly have a seat at the table or are some people there as (or made to feel like) figureheads for “diversity” purposes?
  • Consider what problems get solved first at your organisation. Who decides what? There is space here to rethink and/or dissolve structural hierarchies.
  • Set clear standards to cultivate inclusive meetings by design. For example, rules to prohibit interrupting others, creating space for pointing out problematic behaviour.
  • Restructure how you measure impact and work, and recognise “invisible work” like mentorship.

The effects of colonisation are deeply internalised in nearly every aspect of our waking lives

Colonisation is a collective history that connects us all. The effects of colonisation are deeply internalised in nearly every aspect of our waking lives. What is your personal role in this healing? What role can your organisation play in actively decolonising the digital rights space and beyond? Ultimately, all of these actions create a collective movement towards healing, justice, and dismantling systems of oppression. 

Aurum Linh is a technologist and product developer embedded as a Mozilla Fellow within the Digital Freedom Fund.

Image by Omar Flores on Unsplash

When Climate Justice and Digital Rights Collide

By Daniel Simons, 30th March 2020

Protestor at protest holding sign saying 'No Nature No Future'

What do the climate crisis and digital rights have to do with each other? Are there things campaigners working on these two issues can learn from each other?

These were some of the questions explored at Digital Freedom Fund’s recent annual strategy meeting, where I was fortunate to be one of two representatives from an environmental organisation.

It became clear early on in the discussion that the two issues intersect in various ways, both positive and negative.

Climate change, and efforts to combat it, can impact negatively on digital rights. On the other hand, there is also scope for win-wins, and there are ways in which the digital rights community can help tackle the problem.

How Climate Change Threatens Digital Rights

Climate change threatens life as we know it, so it is a threat to digital rights too, albeit in ways that are difficult to foresee.

We are already seeing some direct impacts, such as the recent mobile network outages during Australia’s catastrophic bushfires, or the decision by California’s utilities to implement a series of planned blackouts late last year to avoid sparking wildfires.

Less directly, but more insidiously, governments are turning to surveillance and control technologies to monitor refugees and migrants, who are increasingly on the move as a result of climate change.

Action against climate change, while clearly necessary, may also affect digital rights. Taxes on electricity, for example, may cause power-hungry online service providers to pass the increased cost on to their users, whether in the form of higher bills or greater monetisation of their personal data.

Several participants in the strategy meeting remarked on the roll-out of smart meters, which help households reduce their energy use, and assist grid managers in improving efficiency and integrating renewable energy. But the data collected by smart meters can paint an intimate picture of a person’s household activities and lifestyle. It is therefore necessary that proper privacy safeguards are put in place.

…the data collected by smart meters can paint an intimate picture of a person’s household activities and lifestyle

Activists working on climate issues face a particular risk of interference with their digital rights. They are frequent targets of unjustified surveillance and hacking, both by governments and corporations. Even scientists may fall prey to this, as the 2009 theft of thousands of emails and other documents from the University of East Anglia’s Climatic Research Unit showed.

Enlisting Digital Rights to Fight Climate Change

Last year saw “flygskam” (flight shame) become the latest Nordic word to enter mainstream English usage. Public awareness of how taking a plane contributes to the climate crisis is high. But should we also be experiencing “dataskam” – embarrassment about how our digital habits warm the planet? The IT sector, broadly defined, accounts for more than 2% of global emissions, which is in the same range as aviation.

In 2009, Greenpeace launched the Cool IT Challenge, a three-fold call for companies to provide emissions-saving IT solutions to other sectors, reduce their own carbon footprint by powering themselves with renewable energy, and advocate for strong political action on the climate. Facebook was an early campaign target: in 2011 it “unfriended coal” and became the first major IT corporation to commit to going 100% renewable. Many other leading companies, including Apple and Google, followed suit.

…should we also be experiencing “dataskam” – embarrassment about how our digital habits warm the planet?

Subsequent campaigns have pushed device manufacturers to go renewable, too. How IT corporations power their operations may not be a digital rights issue as such, but the digital rights community can, and I think should, help amplify such demands for the industry (including less well-known players) to go green – just as many employees of the IT companies themselves are speaking up.

Discussions in the strategy meeting uncovered some areas in which climate action and defending digital rights do go hand in hand. Measures to protect privacy can also be a win for the climate. Limiting the volume and duration of personal data storage also reduces power consumption, for example.

Apart from pushing companies to limit collection and storage of such data, digital rights campaigners can educate the public how to tighten existing privacy settings. The “right to repair” is another shared cause that has been championed by both digital rights organisations and environmental ones. Poor reparability of devices disempowers users and causes unnecessary manufacturing emissions, not to mention the growing mountain of e-waste. With the EU announcing new regulations to promote the right to repair, might this be an interesting area for future strategic litigation?

Parallels in Strategic Litigation

A well-attended session at the strategy meeting run by ClientEarth’s Amy Rose examined whether the digital rights field can learn anything from the way the environmental movement has used strategic litigation to combat climate change. It was noted that there are some parallels between the erosion of privacy and climate change: in both cases, the problem affects the public as a whole, leading to a degree of complacency.

As well as this, in both cases, a narrative has been promoted that responsibility to solve the problem lies with individuals, not companies. This narrative has been a useful tool for fossil fuel and IT companies to avoid accountability.

…in both cases, a narrative has been promoted that responsibility to solve the problem lies with individuals, not companies

In the climate arena, legal campaigners have used securities law to put a spotlight on corporations’ role, compelling them to start disclosing their exposure to climate liability as a risk to their investors.

Activists, and even cities and counties, have also tapped into academic research into which companies are the biggest contributors to the anthropogenic greenhouse gases in the atmosphere – the “carbon majors” – to hold these companies accountable for the resulting human rights harms, or for climate-related torts. Might securities law also be a tool to force companies to disclose their possible liability for privacy breaches? Would the concept of “data majors” have any relevance in defending users’ rights?

Continuing the Dialogue

There was a general sense at the end of the strategy meeting that the dialogue should continue. Apart from ensuring that we are not working at cross-purposes on issues such as smart meters, there is scope for joint campaigning between the environmental and digital rights movements. There is also a lot of scope for useful exchange of learning on how to do strategic litigation properly.

Daniel Simons is Senior Legal Counsel Strategic Defence at Greenpeace International.

Image by Markus Spiske on Unsplash

Against Mass Surveillance of Air Passengers

By Bijan Moini, 26th March 2020

Passengers walking through an airport

Since 2018, air passengers in the European Union are subject to mass surveillance and algorithmic profiling.

 

Despite being in violation of the Charter of Fundamental Rights of the European Union (CFR), EU Member States collect, store and analyse comprehensive data on air travel.

 

The German Society for Civil Rights (Gesellschaft für Freiheitsrechte, GFF) and the Austrian NGO epicenter.works, with the support of DFF, filed a series of strategic lawsuits aimed at reaching the Court of Justice of the European Union (CJEU). A German court has now referred several cases to the CJEU, bringing us closer to toppling the directive that provides the legal basis for mass surveillance of flight passengers.

 

We are used to being treated differently when traveling by air compared to journeys by, say, train. Flying involves identity checks, manual body searches or even full body scans, and sometimes interviews. Many of the precautionary measures taken at airports today were first introduced by the US in the aftermath of the 9/11 terrorist attacks. However, the measures visible to us as air passengers are only the tip of the iceberg.

 

…the measures visible to us as air passengers are only the tip of the iceberg

The collection of data on European air travel presents a similarly severe interference in our fundamental rights.

 

For all passengers of flights to or from the EU, a Passenger Name Record (PNR) is transferred from air carriers to the national police. The basis for all of this is the European PNR Directive (Directive 2016/681). A PNR contains up to 20 data items, including the date of birth, details of accompanying persons as well as payment information or the IP address used for online check-in.

 

Together with the information on the flight itself, the PNR offers a detailed picture of the passenger. Sound like mass surveillance to you? It sure is.

How Did it Come to This?
 
The US first introduced mass retention of passenger data in November 2001. Other countries, including Canada and Australia, planned to introduce similar measures. Despite some fierce opposition in the EU Parliament based on data protection concerns, the EU concluded PNR agreements with these countries between 2011 and 2014.
 

This put mass surveillance of flight passengers on a legal footing. In the case of the PNR agreement between the EU and Canada, however, the CJEU in July 2017 confirmed that the provisions violated European fundamental rights.

In the course of negotiating these agreements, the EU repeatedly discussed introducing its own data retention system for airline travel data.  The PNR Directive was adopted in 2016 and has since been gradually implemented in EU Member States.

 

Even though the Directive envisages data retention only for flights entering and exiting the EU, all Member States have agreed to an extension clause, according to which data for intra-European flights will be stored, as well.

 

Dangerous Data Collection

 

Under the PNR Directive, European government agencies can store PNR data for six months in an identifiable manner (i.e. linked to the real name of the passenger) and then another four and a half years in pseudonymised form.

 

They automatically check the passenger data against databases on, for example, wanted persons and stolen passports. But more importantly, they can apply algorithms, so-called pre-determined criteria, to the data sets.

 

These algorithms are supposed to identify “unknown” suspects by, for instance, extrapolating patterns and conclusions from an individual’s flight behavior and other data to ascertain whether they are a suspected or potential offender.

 

A person for whom such a “hit” occurs can be the target of further clandestine police measures or be interrogated at the airport or even, depending on the national law, detained.

 

It is widely disputed whether the analysis of such data is an effective means to investigate or prevent terrorism and other serious crime

It is widely disputed whether the analysis of such data is an effective means to investigate or prevent terrorism and other serious crime. Rather, the sheer volume can make analysis more difficult.

 

In Germany, the Federal Government itself assumes a success rate of only 0.1%, meaning that 99.9 % of all air passengers – about 169,830,000 people, according to the Government’s forecasts – will be unnecessarily subjected to the processing of sensitive data. And this does not even account for the “false positives” within the 0.1 % (i.e. those who have been flagged by the system in error as a person of interest).

 

Violation of the Charter of Fundamental Rights

 

In view of the large volume of air traffic today, the processing of passenger data is tantamount to mass surveillance.

 

It violates the Charter of Fundamental Rights as it disregards both the right to respect for private and family life (Article 7), as well as the right to the protection of personal data (Article 8). The CJEU’s opinion on the EU-Canada PNR agreement clearly confirms this assessment, as does the opinion of the European Data Protection Supervisor.

 

In view of the large volume of air traffic today, the processing of passenger data is tantamount to mass surveillance

While we are certain to have the stronger legal arguments on our side, we depended on a national court to refer a case to the CJEU and ask it for a preliminary ruling on the validity of the PNR Directive under EU law. We therefore started lawsuits in both Germany and Austria that tackle the respective national law implementing the Directive.

 

In Germany, GFF took a two-track legal approach. On the one hand, we took administrative action against the Federal Criminal Police Office, which processes passenger data in Germany, and demanded that they delete our plaintiffs’ data. On the other hand, we filed civil lawsuits against the airlines transmitting the data records.

 

Towards the EU’s Highest Court

 

In January 2020, the Local Court of Cologne, Germany, submitted to the CJEU the question of whether the PNR Directive violates fundamental rights. Thus we have reached a major milestone in our strategic litigation.

 

We now hope that the CJEU will, consistent with its own jurisprudence, declare the Directive void and thereby invalidate the legal basis of all national PNR laws.

 

A judgment is expected to be rendered no sooner than by the end of 2021. This would be a huge success for fundamental human rights, as it would set boundaries for mass surveillance of all our movements (extending the PNR directive to trains, buses and ferries is already being discussed) and, maybe even more importantly, to the use of algorithms when assessing if an otherwise unsuspicious person is to be considered dangerous and to be treated as such (more often than not, wrongfully so).

 

It would also strengthen European civil society by showing that we can use cross-border strategic litigation as a means to improving the legal protections of hundreds of millions of people at the same time.

Bijan Moini is a litigator with Gesellschaft für Freiheitsrechte and in charge of its digital rights cases.
Image by Toby Yang on Unsplash