Legitimate and Monitored

Paul Francissen: “We need to engage in dialogue about the digital society”

  • Follow us on Facebook
  • Follow us on LinkedIn
  • Follow us on Twitter

Publicroam offers WiFi access at host locations such as libraries and the Salvation Army. It only requires you to create a Publicroam account once. After that, you automatically have online access at all the connected locations. Privacy, security and a user-friendly experience are of paramount importance to Publicroam. We talked to co-founder Paul Francissen about how to involve people in value-driven technology and what role Tada could play in this.

Can you tell us about Publicroam’s origin story?

Paul Francissen: I founded Publicroam together with Ted Dinklo. Everything started with Eduroam, the WiFi access service for the education sector. Taking Eduroam as inspiration, I took the initiative to establish Govroam. A third of Dutch government institutions are now connected to this. After that Ted and I were wondering: why isn’t there a service like this for public institutions? That turned into Publicroam; any organization can connect to this to offer guests easy, secure access to guest WiFi.

We connect networks to facilitate online access at all connected locations. But if you’re a Publicroam user and you’re going to connect to WiFi networks automatically, you want it to be safe, secure and privacy-friendly. You want to avoid any profiles being created from your online activity, or any form of WiFi tracking. For security purposes, we use the WPA2 enterprise security protocol. To safeguard privacy, we only collect the information necessary to provide the service. We ask for your name and mobile phone number. We do not share any data with third parties. Host locations cannot trace your WiFi activity back to your name or phone number either.

Nearly all services and products currently claim that they guarantee privacy. But how does the user know that it is actually safe, secure and privacy-friendly?

Our privacy statement and terms of use are relatively short and easy to read. We retain data as briefly as possible and do not secretly share it with third parties. Some time ago, I took a long, hard look at Apple Pay’s terms of delivery. That is a hefty document full of legal jargon. Even if you could understand the legalese, you would also need to have the time to read it in its entirety.

In addition, we have created a governance model that incorporates constant critical feedback. We do not deliver our service directly to users. Our clients are host locations such as municipalities and libraries. They have a procurement policy that sets requirements for safety, security and privacy. This is laid down in service agreements. If we do not comply with those requirements, they will stop purchasing our service.

Users are more likely to trust Publicroam because it is offered by those types of parties. But yes, it is a major problem that all kinds of services and products claim to be privacy-friendly, safe and secure. Such claims make these concepts less meaningful. We want to be seen as a party that truly endorses those values. But that is not easy to explain.

Would a certification offer a solution? A hallmark of quality issued by an independent party indicating that privacy is guaranteed?

It would be nice if there were an organization that could draw up an assessment framework and assess products accordingly. But at the same time it is also very difficult to establish such a certification in actual practice. Choices regarding privacy are not always that black and white. At Publicroam, we adhere to the strictest standards. But for instance, we do save the users’ mobile number as long as their account is active. Traffic data is retained for three months. That data is only used if a user is making mischief on the networks. We offer access to networks of parties that do not know each other. We have built in a certain degree of traceability. This makes it acceptable for the host locations to allow complete strangers on their network.

It might be worth discussing whether that is privacy-friendly. Where one person understands the consideration, the other considers it an invasion of privacy. The party that draws up a framework of standards for privacy certification would have to make choices in those contexts. That inevitably leads to personal opinions and beliefs, and considerations become increasingly political in nature.

What are you doing in relation to Tada?

Two years ago, we started talking to the municipality of Amsterdam about a rollout of Publicroam in the city. During those conversations, we found out about Tada. It is a great initiative and is aligned with what we are looking for. By including a link to the manifesto on our website, we want to show that we endorse those public principles and apply them in our business operations.

It is a specific perspective that we endorse. It goes beyond compliance with the General Data Protection Regulation (GDPR). We need to engage in dialogue about the digital society. What happens to data and what does that mean for how society is developing? And above all, what future do we want to pursue? How do we get the most out of digitalization and how do we minimize the negative effects? It is good to state principles that define how you want to interact with each other as a society.

What aspects of Tada do you consider difficult?

What I find difficult about Tada is that it is not always specific enough. The manifesto is also fairly generic. Ideally, you would want to have an assessment framework that can be used to assess a service or product. That would make it possible to assess AirBnB, for example, and determine whether it is in line with what we want for our city. But the problem with that is that it quickly becomes political. People have different ideas about something like AirBnB. If Tada becomes more specific, there is a risk that its raison d’être will come under stricter scrutiny.

For Publicroam, it is nice that there is a manifesto that we can endorse. But it is also signed by such parties as Facebook. This means that it does not provide the user of a service any guarantees regarding the specific choices made by each party. Perhaps Tada could be applied in actual practice in the form of a transparent monitor or dashboard. We have this manifesto and we state certain principles. We make these principles specific enough that they can be assessed. This is then reflected in an extensive dashboard. That might provide a more nuanced overview. This would avoid making it a yes/no verdict. It makes it possible to see which things are arranged properly and where there is room for improvement.

What aspects of Tada appeal to you?

Tada’s strength lies in the fact that it derives its legitimacy from the city. It represents a diverse group of people who are concerned about the developments surrounding digitalization. Because it is based on a geographical region, it is less political. And that makes it easier to endorse it, based on shared local interests.

I also believe that the collaboration with other cities like New York and Barcelona is a strong point. This means that it is not just based on our own situation. It addresses an issue that is experienced worldwide. We share the same concerns and we start from the same principles. We are working together to look for alternatives and solutions. It is important that the public debate on digitalization is conducted more widely. Tada could be a driving force in this. Because it reasons on the basis of principles – rather than politics or legal considerations – Tada can independently encourage that discussion.

Translator: Joy Philips

Leave a Reply