Internet Governance Forum 2015 in João Pessoa, Brazil

I had the opportunity to travel to João Pessoa, Brazil for the 2015 Internet Governance Forum, a UN-sponsored multistakeholder event focused on Internet governance. I moderated a workshop on “Benchmarking ICT companies on human rights.”

There has been growing interest over the past few years in civil society efforts to hold ICT companies accountable for their impact on human rights,. All stakeholders including companies have an interest in setting clear industry standards on dimensions of privacy and freedom of expression. To that end, more research and comparative data about different companies’ policies and practices can encourage companies to compete with one another on respect for users’ rights. Given the international scope and complexity of the sector, this task is more than any single organization can fully tackle on a global scale, and it is important to recognize the diversity of goals and perspectives represented by organizations working in this space. The purpose of this roundtable workshop is to bring together a geographically diverse range of NGO’s and researchers to share experiences and perspectives on creating projects to rank or rate ICT companies. The goal is to create a “how to” guide on launching such projects as well as a collaborative network of organizations and researchers. Company and government stakeholders will also provide feedback on how such projects can most effectively influence corporate practice and government policy.


What we’re talking about when we talk about Hobby Lobby

I’ve spent much of the three days since the Hobby Lobby decision came down arguing with libertarians about healthcare. My extended social network contains very few outspoken religious conservatives, but is apparently replete with committed libertarians with varying degrees of writing fluency. While it would be easy to write a post listing the nonsensical arguments that have been mustered in defense of the Hobby Lobby decision (personal favorite: employer-provided health insurance is the same thing as employer-provided lunch), I think it’s far more interesting to probe the underlying assumptions, normative values and beliefs underlying these arguments.

In the interest of transparency, I’d like to present my own assumptions, normative values and beliefs as they necessarily underlie my critique of opposing arguments.

I believe that health care is a human right.

I also believe that the goal for society should be (among other things) to ensure equal access to quality healthcare for all humans in the society. This is a normative belief: what I believe *should* happen. Others, of course, may have different normative visions for society which will necessarily lead to different policy preferences. From what I have seen and read I have concluded that a universal single-payer system with some component of market competition is probably the most efficient, fair, and cost-effective way of achieving equitable access to healthcare. To my mind, disagreements about the minutia of regulating the current U.S. system (which, to be clear, comes closer to my ideal after the ACA than before it) are distractions from the main problem plaguing U.S. healthcare: access is inexorably tied to one’s employer (or one’s spouse’s employer, which puts unmarried workers at a disadvantage). This has several disadvantages: it creates a hierarchy of deservingness, where income inequality is compounded by unequal access to care; it burdens businesses with the responsibility of dealing with health insurers, which companies in other countries do not; and, since Hobby Lobby, it means that at least some employers can impose their religious beliefs on their employees.

The first wave of media coverage suggested that this only applied to those methods of contraception that the plaintiffs believed to be abortifacient: the so-called “morning after pill” and intra-uterine devices, but the Court quickly clarified that it intended the ruling to apply to all contraception — as long as the business owners sincerely believe the contraceptive method(s) in question to be against their religion — and only contraception, as religious objectors cannot (yet) be exempt from covering blood transfusions or vaccinations. This sets birth control apart from all other medical care as somehow less essential, and the people who use it less human, more Other.

Commenters have also been quick to point out that the ruling “only” applies to closely-held businesses. However, 90% of U.S. businesses are closely-held, employing 52% of the American workforce, as Mother Jones points out. Granted, many of these are small businesses that are not required to provide employees with health insurance, but the numbers are far greater than the “maybe 50 companies in the whole country” that one of my Facebook sparring partners claimed. And there are already signs that the religious right is hoping to expand the loophole even further.

The arguments mustered in support of the Hobby Lobby decision, at least in conversations that I’ve been part of, seem to fall under a few broad categories. Italics represent a direct quote.

This isn’t really a big deal

Employers weren’t required to cover contraception before 2013, so why is it such a big deal now?

It was a big deal. You just weren’t paying attention.

All that was done today was to rule that in a small % of cases the law infringed on the defined rights as per the constitution. You can say that it is sexist bullshit, and that is fine to believe, but this country was built to protect that sexist bullshit…and it is one of the few things that separate us from countries like Iran.

As noted above, this is not a small percentage of cases – it potentially applies to over half of the workforce. Moreover, protecting sexist bullshit is certainly not what separates us from Iran.

Contraception isn’t really healthcare

Saying that…from a public health perspective what does contraception offer? From a disease perspective only barrier methods reduce transmission rates, and since this is not “required”, then that is not the “focus”. The other use of contraception is to reduce pregnancy rates or to allow people to chose when to have a kid or not. The “choice” side does not provide a public health benefit, so you are left with 2 parts…one is the individual health in the case of people where a pregnancy would cause a health issue, and the second is the reduction in unwanted pregnancies. So…this really is about “population control” to some extent.

No, it’s really not. Birth control is an absolute requirement for women’s equal participation in the work force and in society. Moreover, pregnancy and childbirth are leading causes of mortality and morbidity for reproductive-age women in the United States and worldwide, especially in poor countries.

What is most galling to me is the not-always-so-implicit assumption that sex is either procreative or a risk behavior. Evidently the interests of monogamous couples who want to enjoy latex-free sex without risking pregnancy are frivolous for this crowd. This is obviously a normative moral judgment, and lots of people do believe that this is the case. Fine, they can live their values in their own lives. No one in the pro-contraception camp is saying that people ought to have monogamous, non-procreative sex if they don’t want to. We are saying that other people’s moral values should not impede us in our pursuit of happiness, which for many (most?) couples includes a fulfilling sex life.

You have to realize this has to be looked at from a “public health” perspective. The only way that the ACA holds together is that it was directed to increasing the public health.

“Increasing the public heath” includes contraceptive care, at least according to the overwhelming consensus of the medical profession.

There is no relationship between the employer’s and employees religion in this ruling, nor any “forcing” for them to do anything the employer requires. The absence of payment for a service is not the same as forcing them employee to abide by the religion of the employer.

The ruling is based on the employer’s religion and has a direct, material impact on employees. The ruling creates a relationship between the two where there was none before.

I’m absolutely certain that lunch and contraception are moral equivalents.

This one just leaves me speechless. Contraception and access to all food? Yes, absolutely. And in a context of famine or food insecurity, I can see the argument that food is more important than birth control (though high birthrates tend to compound food insecurity). But that is not what we are talking about here. We are talking about the availability of specific meals in a context where there are many options for obtaining food versus the availability of specific drugs and medical devices that must be used continuously to be effective. Before someone chimes in that Ella and Plan B are a one-time pill, that’s only true if you only have sex once. Moreover, any woman who’s taken the “morning after pill” will tell you that it’s an emergency back-up (hence the name…), and popping one every day is neither affordable ($50 per pill, on average) nor medically advisable, if only b/c of the nausea.

Contraception is easy to get, and all methods work the same

Nathalie…when you say contraception…do you mean condoms? Or “the pill”? Or an IUD/device? They are massively different in practice, but all perform the same basic function. Even the so called “morning after” pill is avail over the counter in most states (for those over 18). The problem is that everyone in the USA wants the “gold standard”, which yes requires a Dr’s note, etc. But sex is not a right, freedom of religion is. And yes, condoms are avail just about everywhere in the USA…so the argument that it is “not that easy” is not really true (I understand where you are coming from…but the argument is not valid).

Women want to make reproductive health decisions in consultation with their doctors and whomever else they choose to bring into the conversation (such as their partners, religious leaders, deities, etc). No one contraceptive method is right for all women or all couples, including condoms. Many contraceptives, notably the traditional hormonal birth control pill, have clinical uses beyond preventing pregnancy.

Moreover, from a public health perspective we know that condoms are typically used have a much higher failure rate than other methods of birth control. And from an individual rights perspective, many couples are not concerned about preventing STI transmission (monogamy) but are concerned about pregnancy. What sense does it make for them to use condoms, which are very effective at preventing disease transmission but less so at preventing pregnancy?

And finally, the whole point of classifying contraception as preventive care under the ACA is to exempt patients from having to pay for it on top of their premiums. Saying that people can spend their money on condoms or the morning after pill completely defeats the purpose of including it in health coverage in the first place — which goes back to the previous claim that contraception isn’t really healthcare.

… but at the same time, the specific method of birth control matters a great deal

What kind of birth control is important here because it is not all birth control. Only methods that prevent implantation of a fertilized egg. This evidently meets the “least restrictive means” test of strict scrutiny, the most stringent standard of judicial review used by United States courts.

Skipping over the incongruity of claiming that “all birth control is not birth control,” this claim flies in the face of both the legal and medical definitions of pregnancy as well as the medical consensus on how the IUD actually works. Let’s leave specific medical decisions to patients and their doctors, shall we?

Healthcare is a luxury

One Facebook sparring partner referred to including contraception in employer-sponsored health insurance as “companies providing a service to their employees.” Like a shuttle service from the metro to the office.

Anyone with half a brain understands that employer-sponsored health insurance is part of total compensation.

It is currently, yes. I am arguing that it shouldn’t be. It should be a tax-funded public service available to everyone, same as public schools, fire departments, the police, roads… As I noted on Facebook, I grew up in a country where everyone pays for everyone’s healthcare through taxes and government-funded healthcare, with the possibility to supplement that healthcare in the private insurance market if desired and affordable. It would be inconceivable for different people to have different healthcare options based on where they work. France, by the way, is consistently ranked among the top national healthcare systems by the World Health Organization.

Suppose a business owner decides to have a company cafeteria and provide “free” lunch to her employees. Obviously the meals provided are part of the total compensation package for those employees. But suppose the business owner is Muslim and decides that the cafeteria will only provide halal meals. Now what? I say there’s no problem. Anyone care to disagree? Is the business owner interfering with her employees right to choose their own lunches, and imposing her own religious belief on how she spends “their” money?

While intended as an analogy to the post-Hobby Lobby situation, this scenario actually supports making available products and services that all potential beneficiaries may not need or want. If an employer decides to include birth control in its employee health coverage, there is no requirement for a a given employee to use it. However, not including it deprives the employee of a healthcare option.

People have full agency over their economic lives

You’re free to work wherever you want in this country – people leave jobs for better benefit packages all the time…the government has no business dictating to a privately held company that they must do something that offends their beliefs. People can work somewhere else if they don’t like it.

This person is evidently not aware of the unemployment crisis in this country.

Yeah, but nobody said contraception had to be part of that…and it’s not like that’s not available elsewhere if people want it. @nathalie? So that people aren’t free to choose their healthcare provider either? Personally, I believe that people are smart enough to make their own decisions and should be free to do so. Btw, there’s no unemployment crisis in Texas, the economy’s booming, people should move where the jobs are…I did.

The ACA very clearly includes contraception coverage as part of preventive care. Most Americans only have their employer-sponsored plan (or their spouse’s, if they are married to someone who also has employer-sponsored coverage) as realistic options. Promoting relocation to Texas as a solution to the unemployment crisis is both naive and glib, and the Lone Star State is far from being a reproductive health wonderland.

National healthcare systems are a slippery slope to China-style population control

I don’t support things like “population control”, but you do realize that all of the nationalized healthcare systems do studies on this? They have to, because no matter how “ugly” it is as a thought, you have to look at all ways to solve certain situations. We have a major health issue in the (primarily) lower economic brackets in the USA. No one argues this, and contraception is touted as a solution to this. But people have done studies taking that even further…which is a bit scary to me lol.

Population control refers to coercive state policies (like China’s one-child policy). This is different from birth control or family planning, which refers to women and couples making decisions for themselves.

This person didn’t provide any evidence for his claim, so I’m skeptical that this is factual. I’m also not sure what problem affecting low-income Americans is solved by contraception, other than teen and other unwanted pregnancy — which can ONLY be prevented by contraception. Regardless, the fact that someone, somewhere conducted a study that may have been used to support morally dubious policies has no bearing on whether contraception is an essential part of preventive care for women.

The moral good of the market trumps human consequences

Healthcare is an important product. Americans deserve a free market.

Unlike the legions of Ayn Rand devotees out there, I believe that human consequences are more important than the religion of the free market. And further, I believe that the human rights of human beings are vastly more important than the free market rights of businesses.

Talk at Going Public with Privacy roundtable

On May 28, 2014 I gave a talk about privacy at a roundtable of educators, media literacy experts, youth media professionals, and academics co-hosted by the National Association for Media Literacy Education (NAMLE) and the Annenberg Innovation Lab. The first of a planned series of regional roundtables, this was an opportunity for a select group of diverse participants to gain a clearer understanding of challenges and concerns related to online privacy as experienced by key stakeholders such as K-12 students, parents, teachers, youth media creators, and policy-makers. The accompanying slides (not shown in video) are at NAMLE roundtable May 2014 – Privacy overview

Can a Problem be its Own Solution? Privacy, Technology and the Limits of Civic Hacking

In October 2013, I participated in a hackathon sponsored by the Annenberg Innovation Lab(AIL) on the theme of privacy. Having spent most of my career on the edges of the tech/geek scene, I was excited to get my hands dirty and perhaps finally learn how to code something more complicated than the text on a website. Unfortunately, the hackathon was scheduled for the same weekend as USC parents’ weekend, and attendance was sparse. While the three of us who showed up were guaranteed to “win,” it also meant that three strangers from very different personal and academic backgrounds would have to quickly come up with a technological solution to a privacy-related problem. The first step was to identify and agree on a problem to solve.

The Problem
As anyone with a pulse (and an Internet connection) will have noticed, online privacy is a very hot topic these days. Between Snowden’s revelations about the NSA’s electronic surveillance programsTarget’s data security breach affecting millions of customers’ credit card information, and heartbreaking accounts of cyber-stalking and cyber-bullying driving teens to suicide, the public has every reason to be wary of the dark forces lurking behind that glowing screen, and “online privacy” has become the cri de guerre for civil libertarians, consumer watchdogs and concerned parents from sea to shining sea. The term “online privacy” itself is a bit of a misnomer. Privacy can’t be segmented into online or offline any more than dating or shopping can. Rather, privacy is newly vulnerable to threats coming from the Internet. As my teammates and I quickly realized, these threats (both real and perceived) are far from applying uniformly to everyone who goes online, a reality that the dominant discourse often ignores in favor of one-size-fits all advice like “change your passwords frequently,” “don’t open unsolicited attachments,” and “don’t do your online banking on an unsecured public WiFi connection.” All good advice, to be sure – but far from addressing the range of perceived threats to privacy that the Internet poses for individuals. I’ve alluded to three broad categories of online threats to privacy: surveillance (in the etymological sense, “being watched from above”), economic theft (ranging from the theft of a single credit card number to the usurpation of an entire identity), and context collapse (the increasing difficulty of keeping our multiple social selves separate when social networking sites relentlessly drive us toward convergence). I felt strongly that the surveillance problem was not one that could (or even should) be tackled technologically. The theft problem had already been tackled technologically, mostly successfully, and what progress could be made at the margins was beyond the technical chops of our merry little band of would-be hackers. This left the third problem: context collapse. Specifically, how can users make the most of the Web (including social networking sites and their increasingly confusing privacy settings) to meet professional and personal needs while safeguarding their privacy from online threats?

The Solution
Solving the problem of the optimal web presence would require two prior diagnoses: the user’s current, actual web presence and optimal web presence – what the user would implement if only s/he knew how. Once we knew where a user was and where s/he wanted to go, I reasoned, it would be pretty easy to give them a prescription for getting from A to B. Out of this disease/treatment model came the product’s name: the Privacy Doctor.

ImageThe project mock-up that came out of the hackathon envisioned a Buzzfeed Quiz-type inventory of social media habits, perceived threats to privacy, and desired uses and gratifications of an online presence. In addition to helping people solve a real problem, the Privacy Doctor would also educate users about how the Internet works (both technically and socially) and empower them to make decisions that best suited their needs and tolerance for risk. I felt very strongly that the Privacy Doctor should not collect any information that wasn’t strictly needed to perform the diagnosis or generate a prescription, and that what information we did collect should not be retained, much less monetized. I was, of course, thinking like a social scientist well-versed in the ethics of academic survey research: only ask for information that you really need, and prioritize your subjects’ privacy above all other considerations. I quickly discovered, though, that the tech start-up culture (epicenter: Silicon Valley) has its own guiding principles: being cool and making money. These are not things that I have ever been particularly good at, much to my chagrin.

There are two main ways to make money from a web start-up: either sell a service from the beginning (UberLyftAirBnB), or hope to be acquired by an established player for an extravagant sum of money (WhatsAppInstagram). The tech behemoths (GoogleFacebook) make their money from selling information about their users to marketers – you and I aren’t the customers, we’re the product. I didn’t want to charge money for what I considered a public service, and the idea of selling user data to marketers made my hair stand on its ends, so I convinced my partners that we could eventually “sell” the Privacy Doctor to an established organization dedicated to online privacy.

I had dispatched the profit motive monster fairly easily, but avoiding the pressure to be “cool” proved just as hard as it was in high school. Suggestions included wearable tech, a Google Glass tie-in, and – most worryingly – automating as much of the process as possible. “No one is going to take the time to manually answer questions about their online presence – why can’t that be automated?,” the argument went. My gut told me that asking users to allow the Privacy Doctor to login to their online accounts (Facebook, Google, Twitter, and the like) defeated the purpose of a media literacy project, but I was willing to go along with it – as long as users still had the option of manually completing a questionnaire. I ran into the same argument with respect to the “prescription.” “You’re making it too hard for people – if they wanted to manually change their own Facebook privacy settings they would have done so on their own. People want technology to make their lives easier, not give them more work to do! Since people will have already given the Privacy Doctor permission to log in to their accounts for the diagnosis, there’s no reason it can’t also change their privacy settings for them if they want it to.”

If they want it to.

No one in their right mind would want such a thing, I thought. But that was also the reaction to any number of technologically-fueled social changes that we now take for granted, from personal lifestyle blogs that more closely resemble the journals and diaries of yore, to the practice of “checking in” to a location via Facebook or Foursquare, then broadcasting your whereabouts to a group of “friends,” who may or may not care where you are and whom you may or may not want to run into “accidentally on purpose.” Maybe my critics were right, and there was in fact demand for the service that I had just derided as creepy and evil. Maybe I just didn’t get it. After all, I hear that in Silicon Valley a 29-year-old like myself is bordering on the ancient and out-of-touch. But my gut kept telling me that asking people to give up their online passwords was no way to “fix” online privacy. If I wasn’t going to win a normative argument about what technology should or shouldn’t do, I’d move the argument to the empirical battlefield and do some market research.

What The Data Told Me
From Friday, February 14th to Monday, February 24th, 2014 I collected 103 responses to a 10-item survey administered through Survey Monkey. I used a convenience sample obtained through emailing the graduate student distribution list, posting on Facebook, and posting on Reddit. Additionally, several respondents elected to share the survey link on their own Facebook feeds or to e-mail it to their contacts. The survey instrument is online at It included questions about demographics (age, gender, education), technology use (level of tech savvy, social media use), and online threats to privacy, whether real or perceived. My real interest, however, was in the last question: Would you be interested in using a service that logs into your social media accounts for you in order to assess your privacy settings and change them for you so that they meet your needs better?Snip20140422_2

The data was unambiguous: the Privacy Doctor was a bad idea. The answers to the final open-ended question drove the point home. The quotes below are representative of the responses I received:

  • “Creating such an app would be such a PERFECT way to get access to massive amounts of private data that it would have to be handled very carefully. It would have to be open source and run entirely on the users own machine, not one scrap of code running remotely or communicating with your server. If someone uses your app, the VERY FIRST thing you should do is inform them that they are gullible and do not have the capacity to make reasonable judgments about what is safe or not online then advise them to get rid of their Internet-connected devices entirely.”
  • “I feel that a service that ‘logs into’ your social media is dangerous, even if it is made by a reputable company.”

Armed with data – the social scientist’s weapon of choice – all I had left to do was to break the news to my teammates and my mentors. The Privacy Doctor was Dead On Arrival.