Why I’m not speaking at CPDP (Hint: it’s the privacy-washing, stupid!)

13 Jan, 2016

The sponsorship of privacy and human rights conferences by corporations that erode our privacy and human rights is a clear conflict of interests that we must challenge. The revolution will not be sponsored by those we are revolting against.

Are we playing in the gilded sandboxes of Surveillance Capitalism?

Photo courtesy: Banksy

The dream panel

Towards the end of last year, I was invited to speak at a plenary panel on Surveillance Capitalism at the Computers, Privacy, & Data Protection Conference (CPDP) alongside Shoshana Zuboff (the Charles Edward Wilson Professor of Business Administration at the Harvard Business School and the person who coined the term “Surveillance Capitalism”), Marc Rotenberg (EPIC), Birgitta Jonsdottir (Pirate Party MP, Iceland), and Martin Schulz (president of the European Parliament).

Shoshana, Marc, and Birgitta are personal heroes of mine and I was giddy to have been asked to share the same panel with them… Until I opened up the CPDP web site and saw that Palantir was sponsoring.

Cue: shock. (This happens a lot; I’m naïve like that.)

Umm, excuse me… what?

So, since I’ve been living in England for yonks now, I did what comes only too naturally and wrote A Strongly-Worded Letter™ to the organisers and CCed the panel on it:

Palantir is sponsoring? You must be joking. Is this true? If so, and if this is not fixed, I will not be taking part. (And Caspar would be turning in his grave and I’d highly urge you to take his name off of any of the proceedings because this will definitely not be done in his memory.) If this is true and not some prank played on the conference by a soon-to-be-fired web developer, I’d love to know who thought it would be acceptable to have Palantir sponsor a conference on privacy and data protection.

My fellow panelists replied with long, caring emails acknowledging the problem, debating the merits of using the platform versus not, and even urging me to take part “under protest”. I thank them for their time and for caring.

I did consider attending under protest and using my time on the panel to speak out about the issue. That is, until the conference organiser, Paul De Hert, responded with one of the most cavalier and laissez-faire attitudes to sponsorship that I have seen (bear in mind that I’ve been speaking at countless conferences for over 15 years so that’s saying something).

The future of coin-operated conferences

I won’t share the details, since these were private emails (well, as private as unencrypted email gets, so I’m sure you can grab yourself a copy from the NSA or GCHQ if you really want to). Suffice to say, sponsorship is welcome at CPDP and they don’t much care who it comes from. If you’ve got money, they’ll take it.

Are you listening, North Korea? Next year, CPDP could take place in front of Kim Jong-un posters if you hurry and get your deposit in now. This is a seriously valuable PR opportunity for anyone involved in dubious privacy or human rights practices, so tell your friends. (Uber, for example, was notably absent from this year’s list and is probably missing a trick by not sponsoring.)

In case you’re wondering why this is such a big deal, it’s because CPDP isn’t just any conference. Like Amsterdam Privacy Week before it and like RightsCon (which I wrote about earlier), it is a conference that purports to care about privacy and human rights.

If CPDP was a general technology or web conference, I wouldn’t mind. Of course those companies are going to sponsor and, by accepting their sponsorship, a generic tech/web conference isn’t legitimising them in any way on any specific topic. However, this is different. While these companies don’t need any legitimacy as leaders of mainstream technology (this is not disputed, it is simply a sad testament to the state of mainstream technology), they do need every bit of legitimacy they can get in their efforts to paint themselves as “the good guys” when it comes to the topic of privacy and human rights.

Before anyone steps up to say “but you couldn’t have the conference without those sponsors”, let me tell you: you could. It would be harder, but you could. I know because I’ve personally organised three international conferences, including a summit on privacy. I was selective in my sponsor choices for the first two – which makes it harder, but by no means impossible, to find sponsors. As for our privacy conference, we specifically didn’t want any sponsors for all the same concerns I raise here and elsewhere.

The other argument that pops up is that the sponsorship in no way affects the content of the conference.

Well, you can tell that to the ‘Data minimization vs. personalised computing experiences’ session chaired by a Microsoft employee and featuring a Facebook employee…

Or, the ‘E-Privacy Directive: superfluous or a solution to stop the pendulum that swings between privacy and safety’ panel chaired by a Microsoft employee…

Or, the ‘No more trade-offs: achieving innovative growth and user trust in the data-driven economy’ session chaired by a Facebook employee. The session summary for that last one is even more interesting as the content was directly commissioned by Facebook:

In this session, Ctrl-Shift will present insights from a project commissioned by Facebook to explore how the participants in the data driven economy can work together to achieve this goal.

Nope, no influence whatsoever!

Staking a claim

And maybe all of this is moot because, since hearing from Paul, I realise that I was mistaken: While CPDP bills itself as a privacy conference, it apparently does not in any way take sides in advocating for greater privacy or protection of human rights. You see, it is a ‘multistakeholder’ conference. Which, if you’re a connoisseur of such things, is a convenient euphemism for institutional corruption. The stakes, you see, are not all the same size… Some people’s stakes are so large, you can erect a tent around them, like Google did at the Internet Governance Forum the year I was there.

CPDP, we are to understand, is neutral ground for all parties to get together and chat. There’s just one problem with that argument:

“If you are neutral in situations of injustice, you have chosen the side of the oppressor. If an elephant has its foot on the tail of a mouse and you say that you are neutral, the mouse will not appreciate your neutrality.”—Desmond Tutu

I feel I’ve been repeating myself ever since sharing my article on RightsCon, my thoughts on Amsterdam Privacy Week, and the various talks I’ve given on this subject, so I’ll just let you read what I wrote in my follow-up email to the conference:

I just want to make it very clear that I am not opposed to corporate contributions / sponsorship. What I cannot accept is a privacy-themed event (if this was SXSW or Web Summit, sure, no problem) accepting sponsorship from corporations whose business models depend on eroding privacy. That is a conflict of interests, plain and simple. And it legitimises those companies as positive actors on the topic in question. Or, to quote Lawrence Lessig, it constitutes “institutional corruption”. … Please invite Palantir and Google and Facebook to debate with us openly. But when you invite them to sponsor the event, that’s a whole different ball game. They’re no longer just at the table, they’ve paid for the table. And that changes things. It is one thing to talk about privacy where Palantir is at the table and another to talk about privacy where the table sits under a Palantir logo. … I have no doubt that everyone involved wants to maintain the integrity of CPDP [this was before I got the email from Paul, I no longer believe that this conference has any integrity to maintain]. Which is why I feel it is of critical importance that the influence that sponsorship bestows upon an entity is acknowledged. Even if we can believe that it has absolutely no impact on programming in any way (which is rarely the case, as sponsors are given sessions), it alters how the event is framed. By allowing Palantir to sponsor a privacy event, you are legitimising them on the topic of privacy. How bad can they be if a privacy event is all right with them being sponsors? We would not even be having this conversation if this was a conference on lung cancer and Philip Morris asked to sponsor. Or if this was a conference on animal welfare and a factory farm wanted to sponsor. Well, these corporations (you mention Google, below, and Facebook also comes to mind, among many others) are the factory farms of technology when it comes to privacy.
The only way a conference on privacy could accept them as sponsors is (a) if it doesn’t understand this or, (b) if it does but it is all right with it. I’m much happier with the former scenario as it provides room for growth and a path to making amends. … If you agree with me on Palantir, then we’ve already drawn a line. Let me make it easier: I’m pretty sure I could get Hacking Team to sponsor this conference. Would you accept? If not, there’s another line. [I’ve since come to understand that they’d accept anyone so I was being naïve, per usual — Hacking Team, sponsor away, ye lads.] So it’s plain to see that, of course, we have a line. The real question is “according to which criteria do we draw the line?” I’m very specific about where I draw the line: if the core business model of a corporation is to monetise people’s personal data or to benefit from the erosion of their privacy, that’s where I draw the line. (We’ve recently formalised this into a framework that you find useful: the Ethical Design Manifesto). … [I]f you do decide to go ahead with Palantir’s sponsorship, I hope in all sincerity that you remove those portions of the programme that honour Caspar. If you honour him in front of Palantir’s logo, you might as well also spit on his grave. … It was an immense honour for me to be invited to take part on this panel. I’m a relative newbie in this community and there’s nothing I’d love more than to meet you and to spend time picking your brains. But not at any cost. Not at the cost of contributing to what I see as one of the main reasons why we cannot tackle surveillance properly: because we do not understand the role of institutional corruption—whether in our governments, at the EU/EC, or in our own community—and the relative pass we are so quick to afford corporations that surveil people en masse compared to our relatively steadfast resolve against the same infraction on behalf of governments. 
(It becomes even worse when you realise that one wouldn’t be possible without the business model and activities of the other.) It might be a cultural thing: I see this as being far more prevalent on your side of the pond and it might have a lot to do with the cultural roots of the US and its conflation of capitalism with democracy. However, today, (at least in my view) corporations and governments have as much to answer for when it comes to mass surveillance and I will not legitimise a corporation that makes its money by contributing to it by appearing at an event at which they are a sponsor. By all means, invite them to the panel and let’s chat on equal terms. But not as a sponsor. Paul, I see you’re CCed, I would appreciate your thoughts on this. I do want to make it perfectly clear, however: it’s Palantir as sponsor or me as panelist. That bit is not open to discussion.

Well, we all know who they chose.

And then they added Google and Facebook on as sponsors for good measure.

Needless to say, this is bullshit. This is privacy-washing. And I will have nothing to do with this or any other conference on privacy or human rights that sees it fit to accept sponsorship from the very companies and institutions that are the greatest threats to our privacy and human rights.

I don’t take this decision lightly. While CPDP doesn’t pay its speakers (they cover travel and accommodation), other conferences do. Speaking fees are one of the things that help keep us afloat. Taking a stand on this may mean that we have even less revenue available to us in the future from paid speaking opportunities. And that’s fine. Better that than to unwillingly legitimise corporate surveillance or knowingly take part in an institutionally-corrupt system.

I want to end with an excerpt from the last email I sent to the conference organisers: