Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013. Moderator: Clara Marsan. Lecturer, School of Law and Political Science (UOC). Preserving Privacy in Times of Counter Cyber-Terrorism Data MiningLiane Colonna. The Swedish Law and Informatics Research Institute. Stockholm University, Doctoral Candidate. Terrorist use of the Internet: Communicate, recruit, fundraise, train, launch propaganda videos, etc. Which poses surveillance challenges: filter terrorist communications, locate terrorist communications, uncover terrorist identity hiding, etc. Data mining:
can make sense of huge amounts of data. creates “new” knowledge. can generate hypotheses. You do not need a prior theory.
Data mining is “seeing the forest from the trees”. Governments cannot disclose their data mining procedures as they would enable criminals to circumvent their practices by changing their behaviour. How do we get both security and privacy? The European Court of Human Rights asks for:
is there an interference? is the interference justified?
The problem is how to balance legality, legitimacy and proportionality. Are there procedural safeguards that limit the scope of the law? Analysis of the European legislation on transfers of Passenger Name Record (PNR) within the framework of the fight against international terrorismAlicia Chicharro. Profesora contratada doctora de Derecho Internacional Público de la Universidad Pública de Navarra What happens when huge amounts of data are transferred to national security agencies? Usually, security wins in the trade-off with privacy. When different countries require the collection of data from air voyagers, some incompatibilities may arise between different countries’ regulations. What to do? What can airlines do to accomplish both regulations (origin and destiny)? The European Union has bilateral agreements with the US, Canada and Australia. And all of them are different among them: they have different goals, different sets of data to be shared/transmitted are defined, different time-spans where data can be used, and, indeed, they all rely on the domestic (destiny) regulation to be able to tell what rights to apply to the European citizen facilitating their data. One of the problems with EU regulation on international data transission is that it has always been reactive to the demands of third countries. The EU should be more proactive and try and agree on shared regulation that lies within some red-lines drawn by the EU itself. Protection of personal identity in face of untrue statements on the webMaría Dolores Palacios González. Profesora Titular de Derecho civil de la Universidad de Oviedo. What happens when a person is attributed the authorship of a text they have never written? Can they claim “non-authorship”? To whom? How? e.g. the Wikipedia entry for a write attributes to him being the author of a work when they are not the authors, and the Wikipedia managers will not change the entry despite the “author” clarifying that they never wrote that piece. Some laws (e.g. in Germany) consider illicit attributing to someone writings that they never penned, especially when these writings can confuse the image or the personal identity of that person, e.g. by identifying them with ideologies that they do not share. This would be a right to one’s identity but not from the usual approach of the issue. This may be necessary as the Internet has changed dramatically the potential to alter one’s words or ideas. And there is no other approach to this issue from other perspectives: privacy, identity, intellectual property rights, etc. Maybe the best approach would be the one that applies to mass media: the right to rectification, that is, the right to be presented in society the way one wishes best. The problem is that the Internet has multiplied the difficulties to identify what is a medium, who is the owner/administrator, who is the responsible for a specific bunch of content, etc. Discussion What should be stored and what can be already been used “because it’s out there”? Colonna: sure the line should be laid around the principle of proportionality… wherever this principle may lay. Clara Marsan: Is there any research on the impact on privacy vs. the performance of surveillance practices? Literature on “traditional” surveillance usually says that the impact on privacy is much bigger than the successes against terrorism. Colonna: the problem is that most of this information is classified, so there is no way of telling the impact or the benefits of digital surveillance. This post originally published at ICT4D Blog as IDP2013 (IV): Privacy (I)