Bryan Short, a former contributor to the Digital Tattoo, spent the last year working for the B.C. Freedom of Information and Privacy Association (F.I.P.A.). During Right to Know Week this year, the UBC iSchool hosted F.I.P.A. for an introductory workshop that teaches the fundamentals of requesting records from public bodies.
In this blog post, Bryan reflects on his first Freedom of Information (FOI) request and considers how the FOI system can be used as a form of resistance against the power asymmetries that exist in our modern information technology landscape.
While it’s been more than three years since Bryan filed his initial request, he’s recently come to learn more about how personal autonomy is undermined by data exploitation, for whom our data has the most value, and the impact of data surveillance on our freedoms.
Why make a Freedom of Information request?
Early into my time with the Digital Tattoo, I filed my first freedom of information (FOI) request. I was about to begin studying at the UBC Graduate School of Journalism and understood FOI as a tool used by journalists to access information held by public bodies. Importantly, I didn’t yet understand that FOI was a tool not just for information specialists—like journalists, researchers, and lawyers—but an important and fundamental right granted to every citizen in a democratic nation. A tool so important, in fact, that democracy itself depends on it.
There are countless files out there concerning you. Do you know where they are and who owns them? (Image source.)
My supervisor at the Digital Tattoo project, the wonderful Cindy Underhill, implored me to find out what kind of information UBC’s learning management system (LMS) collects about students. It was a good question, I thought. And so I began navigating a complex series of legal documents—in the form of terms of service and privacy policy agreements—in search of an answer. To my surprise, I couldn’t find any conclusive evidence of the precise kinds of information being collected by the LMS.
But, buried deep within the wordy pages of those agreements, I found a statement indicating that any student interested in learning exactly what was being collected by the LMS could file a request for personal information under B.C.’s Freedom of Information and Protection of Privacy Act (FIPPA). Great, I thought, this couldn’t be too complicated. So I made a trip to the UBC Office of Counsel to submit my request.
Although what follows has been greatly documented—I detailed the process for the Digital Tattoo in a series of blog posts and a video called Connect Exposed; the UBC student paper, the Ubyssey, also covered my attempt to opt out of Blackboard Connect’s successor, Instructure by Canvas; and I did a podcast interview with EdSurge about the whole thing—I have only recently come to learn something new about my request.
What’s now become clear is that the reaction to my request for personal information is more important than the data I received, which was abundant. While on some level I recognized that asking questions about my personal information—by exercising my information rights—might be seen as subversive, I was not yet aware of the significance of the reaction to my request. To me, this underscores the political and ideological value of such requests. And although it became clear that my request was viewed as an openly hostile gesture, I still wonder if asking a question in a post-secondary institution should be considered activism.
After all, aren’t Universities the place to ask questions? Shouldn’t they be encouraging students to examine their often overlooked relationships with technology? Every day, we interface with information systems that collect, analyze, and store our personal information. Sometimes we make the choice to use these systems, other times we are required to use them. As it happens, UBC students are not presented with choices when they consent to the data surveillance and exploitation model of the LMS.
I simply wanted to know: Why do they need this information?
What’s Freedom of Information?
Freedom of information is a basic premise in all functional, democratic nations. It’s the idea that citizens have the right to access information related to how their government works: It grants voters the ability to learn if politicians are keeping their promises; it gives individuals the right to know how public bodies are making decisions; and it allows civil society organizations to do advocacy work around important issues like the environment.
Who is looking at this stuff? (Research Scene Vector.svg from Wikimedia Commons by Videoplasty.com, CC-BY-SA 4.0. Source.)
Included within these rights, is the ability to request access to personal information under the control of an organization. Through this legal mechanism, we can discover how our information is being used, to whom it has been disclosed, and to request a correction should we find this information to be incorrect. This gives us the ability to learn about how public and private bodies are using our personal information to make decisions that directly affect us.
This right also goes some distance to rebalancing the power asymmetries that exist in our information technology landscape. Every day, individual users regularly enter into legal agreements with some of the biggest companies in the world, like Apple, Microsoft, Amazon, Google, and Facebook. In addition, the government holds a lot of information about us and frequently uses it to make decisions about things like healthcare, taxation, education, and citizenship. If we didn’t have the right to know how our personal information is being used by these private and public bodies, we wouldn’t have any control over how we’re being represented within these systems.
Although these rights might seem basic today, we once didn’t have them. Before 1993, any person in B.C. seeking to access information held by the government or a public body had to make an informal request, which could be rejected for any reason. But in the wake of several government scandals in the late 1980s, the Freedom of Information and Protection of Privacy Act (FIPPA) came into force in B.C. in 1993. The New Democratic Party (N.D.P.) campaigned on the promise of bringing the best freedom of information legislation in the world to B.C. Ultimately, the N.D.P. won the election in 1991 and began working on legislation that would be heralded by many as being the best in Canada, if not the world.
F.I.P.A., the organization I now work for, was instrumental in advocating for these new information and privacy rights. A few months ago, I made a podcast about it.
With private organizations, B.C.’s Personal Information Protection Act (PIPA) of 2003 granted people information rights similar to those that are ascribed under the FIPPA. Between the rights created under these two Acts, residents of B.C. are better able to understand how personal information is being used by public and private bodies. These legal mechanisms go some distance towards rebalancing power asymmetries by enabling individuals to achieve self-representation in our modern information technology landscape by requesting access to, and correction of, personal information.
In the year 1993, few would have imagined the amount of information that organizations like Universities would be able to collect about people, the inferences that could be made based on the analysis of this data, and the value of this data. But the FIPPA was written to include information rights that did seem to understand—indeed, to some extent to predict—the risk that the collection, analysis, and storage of all this information would pose to the autonomy of British Columbians.
F.I.P.A. is now calling for some important reforms to the Act. And B.C.’s current N.D.P. government promised some of these changes during their last election campaign. When the Act was passed, the new technology of the time was the fax machine. Some important amendments are necessary in order to bring the Act up to date. F.I.P.A. is currently petitioning the government to make these changes. I’d encourage you to lend your name to this campaign.
Who makes Freedom of Information requests?
The interesting thing about such important rights is that they’re not widely known about or used. According to the most recent legislative review of the FIPPA, the majority of the requests come from a minority individuals and organizations. Political parties file a lot of requests as they attempt to uncover information that will tarnish the reputation of the opposing party. Journalists file requests in order to inform on issues of public interest. Lawyers file requests in order to gather preliminary evidence. And then, there are a few FOI “super users” who seem to file requests on just about everything. Not often found amongst these frequent requesters, are the hosts of individual British Columbians who could be using FOI to learn about the issues that are important to them, and to exercise their autonomy by learning about what information exists about them within these systems.
How is Freedom of Information Activism?
After filing a personal information request for my learning data with UBC, I quickly came to learn that no other student had done this before. In fact, UBC didn’t even have a system in place to easily comply. Resources needed to be allocated in order for UBC to extract my learning data from the LMS. It became apparent that UBC hadn’t anticipated that any person would exercise their information rights by making such a request.
Students at Shimer College, Chicago, protest for increased transparency from their Board of Trustees in February, 2010. (Source.)
This is as insightful as it is unsettling. It provides a glimpse into the mindset of the people making decisions about data collection on UBC’s LMS. It is an indication of the confidence that decisions makers have in their assumption that they alone act in the best interest of students. If that assumption is false, then it certainly puts into question the subsequent premise that data surveillance is necessary for enhanced product offerings, a mindset that UBC promotes, and which UBC adopts from private industry.
My search to discover what information was collected about me through the LMS, how this information was being used, with whom it was being shared, and how it was being stored, was regarded antagonistically. After all, these weren’t the kinds of questions that a student at a University should be asking. In a meeting with a senior UBC staff member who oversees the LMS, I was told that the information being collected on the LMS was for my benefit: “Help us help you,” I was told dismissively.
I find this to be problematic rhetoric from someone charged with overseeing learning technology in a public institution with a mandate to educate. Education means asking questions, examining unequal power systems, and reflecting on our own positions. But when an assumption was challenged by a member of the very population this person claimed to be acting in the best interest of, it was categorically disregarded. While that was initially frustrating, in retrospect, it is incredibly revealing.
It confirms my fear that the model adopted by UBC, through subcontracted education technology companies like Blackboard and Canvas, embraces the exploitative practices being developed by the titans of the technology industry, like Google and Facebook. It is the “help us help you” rhetoric that shows that the model from private industry is creeping into our public institutions. In private industry, there is an incentive to monetize data in order to create value for shareholders. This monetization model is always disguised by proponents with claims that the data can be rendered to create enhanced products and services for users. But this is not the case for Universities, whose mandate is to simply educate, not to create value for shareholders. A great and visible divide should and must exist between the mandates of our public institutions and those of the companies it subcontracts.
What does the erosion of this divide look like? It could manifest itself as a staff member dismissing the concerns of a student because they feel that they better understand the needs of students. It could look like a staff member plagiarizing marketing rhetoric from the companies it’s their job to procure. And it could look like an automated system making interventions that undermine student autonomy and self-representation. These are all incidents which represent the increasingly porous divide between private and public spheres and the drive to exploit data.
Where the private and public spheres differ is in the output of data. Instead of directly creating value for shareholders, the data collected by the LMS is exploited in order to offer predictive learning interventions. This can be most readily seen in the field known as learning analytics, which seeks to harness the digital exhaust of students in order to make inferences about their ability to learn and to offer interventions. A few years ago, when I asked for a successful example of this innovative behaviour modification technique, I was told that the system was not capable of actually making these predictions. Nonetheless, the data surveillance and exploitation was still being conducted despite it presenting no value for students. It makes me wonder who really benefits from the ongoing data surveillance and exploitation; does the value of the data do more for shareholders of the companies UBC subcontracts than it does for students?
Aside from this concern, the data surveillance model is dangerous for our public institutions to embrace because it relies on the extraction of behavioural surplus in order to predict and manipulate future behaviour. With Google, this could look like exploiting data in order to serve a specialized advertisement to a person at a time when they’re most susceptible to making a purchase. Within the context of the LMS, this could look like using data to identify a struggling student and offering interventions at a time when the system deems most optimal. Both examples operate on the principle that surplus data can and should be used to make inferences about the future behaviour of a person. This is problematic in the context of a University because it challenges a student’s ability to self-represent.
In the world of surveillance capitalism, information collected about you is extremely valuable–and often, you may not even know it’s being collected. (Source.)
Shoshana Zuboff, in her book The Age of Surveillance Capitalism, describes this model as a mutant form of capitalism. As previously mentioned, proponents of the behaviour manipulation model will claim enhanced products and services for the user as justification for data surveillance and exploitation. One of the problems, we’re coming to learn, is that the supposed benefits of data surveillance are always far greater for the company than for the user. The other problem is that the model actively undermines the freedom of an individual to make a choice in any given situation, which threatens not just our autonomy, but our democracy itself.
Instead of Google presenting an advertisement that exploits data to predict when someone is most likely to do something, what if the data is exploited to prevent someone from doing something like voting in an election? This happens all around the world. The information being collected about us is weaponized to disincentive participation in the democratic process. While that might not be happening on the LMS, the data extraction principle is the same and it sets a dangerous precedent, one that public institutions with a mandate to educate should be very cautious to endorse.
And to me, this is a fundamental privacy violation. Privacy means having the freedom to choose how and when I’m represented in the varying contexts in which I exist: at home, at work, at school, and so on. When a system restricts my ability to self-represent—by making inferences about me based on arbitrary surplus data—I argue that my privacy is being violated. This is true even if the privacy violation is purportedly being done in my best interest. It may seem strange, but I believe that I should be empowered to make my own choices, even if my choices lead to a seeming disadvantage, such as academic struggles. This is how I want to exercise my freedom to choose, and I view these choices as part of the learning process, as a necessary step in growth. Audrey Watters, in her recent review of Zuboff’s new book, perhaps says it best:
“[T]hose who work in and work with education technology need to confront and resist this architecture – the ‘surveillance dataism,’ to borrow Morozov’s phrase – even if (especially if) the outcomes promised are purportedly ‘for the good of the student.’”
Students need to be able to represent themselves in the architecture of the LMS, to be able to assert their own choices and exercise their own freedoms. This is especially important when confronted with data surveillance systems like the LMS, which use the behaviour surplus model to extract value, manipulate behaviour, mitigate student autonomy, and undermine our basic freedoms.
The first logical step towards self-representation in the context of educational learning technology is to know and to understand what information about you exists within the system. Only after this, can a student contend that the system is working in their best interest because they now have the information necessary to make an informed choice. Luckily, B.C.’s freedom of information legislation has assigned information rights that allow people to learn these things. And doing so shouldn’t be perceived antagonistically; it is a logical and reasonable reaction to a system that attempts to undermine a student’s freedom to self-represent.
The problem is that if every student at UBC submitted a request for their personal information on the LMS, the University wouldn’t be able to meet the requirements of the provincial privacy legislation that assigns British Columbians these information rights. UBC would be unable to comply with the FIPPA and would be forced to stop its data surveillance practices on the LMS. The LMS would still function—students would still be able to interface with instructors, submit assignments, communicate with other students—but the data surveillance and exploitation model would have to stop.
We then might come to learn for whom the data surveillance and exploitation model on the LMS was benefiting: The students who create the majority of this data; the administrators who harness some of this information; the learning analytics staff whose employment is predicated by the behaviour manipulation model that’s being adopted from private industry; or the shareholders of the companies that UBC subcontracts.
Why Freedom of Information needs to be Activism
I’m dismayed to say that Canada’s access to information system is not healthy. I hear stories everyday of people who are frustrated by Canada’s access information regime. Unlawful delays, excessive redactions, and a toothless federal regulatory system that’s powerless to ameliorate any of these harms. As an example, the RCMP doesn’t even currently respond to acknowledge that they’ve received an access request.
Canada needs to step up its FOI game, and citizens need to fight for their (digital) rights. (Source.)
For the most part, this isn’t the situation in B.C. We have a strong regulator in our Information and Privacy Commissioner. That office actively intervened in my request with UBC in order to compel the University to produce my personal information. Compared to other Canadian provinces, B.C. has one of the strongest FOI and privacy regimes in Canada. The work of F.I.P.A. can surely be credited for helping to achieve and maintain this standard.
But just this week, I heard from a youth in B.C. attempting to access important records from the government. She wants to learn about how the government has made decisions that affect her in very meaningful ways. It’s fundamental information for her to know. For a young person, the system is already frustrating enough with its bureaucracy and lengthy timelines, but at the very least it’s a legal backstop that helps to rebalance power. She has told me she has given up trying at this point.
Yet I believe there’s still hope. In the fall of 2018, while beginning my new role at F.I.P.A., I began learning how Statistics Canada was acquiring the detailed financial information of everyday Canadians from private credit reporting firms. The government was not seeking consent from people and were drawing power to collect this information under a Canadian law that was written long before even the fax machine had been invented. Meaning, the vast amounts of accessible information available today is incomparable to the antiquated law by which Statistics Canada derives its authority.
I submitted a request for personal information under the Privacy Act to Statistics Canada and was shocked to find the amount of financial information they had collected about me. So I assisted OpenMedia, another non-profit advocacy organization, with instructions on how other Canadians can file requests for personal information with Statistics Canada. More than four hundred Canadians decided to exercise their information rights, leading Statistics Canada to suspend the program. It would appear that the government wasn’t able to comply with the volume of requests, and that this directly impacted their decision to discontinue the non-consensual collection of detailed financial information on hundreds of thousands of Canadians.
The ability of Statistics Canada to collect this detailed financial information is made possible by the internet, which in turn enabled those four hundred people to make their requests. Freedom of information, therefore, is a reasonable and balanced response to the plethora of potential privacy violations and the vast power asymmetries that are created through our modern information technology landscape.
Today, I encourage you to submit requests for personal information in the contexts by which you find yourself being marginalized within these systems. Not because you reject the system, not because you reject the collection of your personal information, but because future generations depend upon people today stepping forward and demanding equitable treatment, fairness, and self-representation.
These are our rights. If we don’t use them, we’ll lose them. And we have the opportunity to rebalance power within these systems today and shape how they will work tomorrow.
Learn more about the FIPA process and where to submit a request.
Written by: Bryan Short
Edited by: Samantha Summers
Featured image: “Files,” by EvelynGiggles on Flickr, used under CC licensing.
This is a really helpful post and very informative there is no doubt about it. I found this one pretty fascinating and it should go into my collection. Very good work!