IDP2013 (X): Privacy (II)

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderadora: Mònica Vilasau. Lecturer, School of Law and Political Science (UOC).

The use of Big Data to generate behaviours
Ramon Miralles, Coordinator of Auditing and Security of Information. Catalan Data Protection Authority

Service providers are often accused of lack of clear information, lack of specific usage of the data they are collecting, etc. Besides — or added to — this lack of clarity, data is increasingly becoming a source of wealth, and thus leads to changes of relationships of power and new behaviours.

A detailed analysis of big data, can it induce to changes in behaviour? e.g. the Obama team found that women aged 35-50 y.o. usually had many photos of George Clooney on Facebook. After realizing that, there was a sensible increase of the number of public appearances of Barack Obama besides George Clooney and the number of photos that they shared… and which of course were distributed on social networking sites.

But are there behaviours which there is a consensus that they are bad (xenophobia, racism) and which could/should be fought with the use of big data? Is there still room for free will? Should we change our regulatory framework to adapt it to these new realities/policies? Would it be, on the other hand, fair or legitimate?

Or maybe the terms of use could include new clauses (premium clauses?) in which the service provider would inform the user of the usage of their personal data?

Automated Journalism: Artificial Intelligence Transforms Data into Stories — When data protection principles and privacy protect the right to express opinions freely and to receive accurate information
Cédric Goblet. Lawyer at the Brussels Bar

Can a robot replace a journalist? Narrative Science’s Quill is able to write human-readable articles or pieces of news after a collection of specific data. A robot implies loss of all editorial autonomy, no verification of the sources, lack of analysis of the information with a critical eye and independence, or the mistaken belief that a machine will be neutral and objective. It is very likely that machine-made pieces of news will result in a tendency towards infotainment and fostering an echo chamber effect.

Big Data: A Challenge for Data Protection
Philipp E. Fischer, Ph.D. candidate (IN3 Research Institute, UOC Barcelona), LL.M. in intellectual property law (Queen Mary University of London / TU Dresden); Ricardo Morte Ferrer, Lawyer (Abogado), Master of Laws (UOC). Tutor for law studies (Grado en Derecho) at the UOC. Legal adviser for the TClouds Project at the ULD, Kiel

One of the main challenges in data protection is the high asymmetries in the relationships of power between service providers and end users: there may be no alternative to that service, there may be not all the information in the terms of service, there may even not be the whole information in these terms of service, etc.

The right to data protection in the public administration
Rosa Cernada Badía, Investigadora de la Universidad de Valencia

In the administration of Justice, communications usually publish data from the citizens. Before a law of public information reutilization and another law protecting personal data, it is obvious that a conflict arises.

But not only a technical or legal solution is needed, but also a political commitment that settles interoperability, responsibilities, allocation of resources to manage information and data, etc.

9th Internet, Law and Politics Conference (2013)

IDP2013 (IX): Privacy (I)

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

ModeratorMaria Àngels Barbarà i Fondevila. Director, Catalan Data Protection Authority

Internet social networks, non-contractual liability for infringements of data protection rights by the data controller and International Private Law
Alfonso Ortega Giménez, Profesor de Derecho internacional privado de la Universidad Miguel Hernández de Elche (Alicante)

The dramatic growth of participation in social networking sites can be approached from the international private law.

Users normally accept all the terms of conditions of social networking sites. But what law is to be applied? It depends. In these terms it is normally stated what law and what jurisdiction is to be applied. Thus, the user is not protected by the law as there is a high degree of defencelessness as they have to deal with “foreign” laws most of the times.

Big Data and Social Control In The Perspective Of Proposed EU Reform On Data Protection
Alessandro Mantelero, Polytechnic University of Turin; Giuseppe Vaciago, University of Insubria.

There is an asymmetric distribution of the control over information. Interaction between the private and the public sector is mediated by these data and this imbalance of power.

There is a political and strategical value of the European regulation on data protection, as there is a predominance of US companies in the ICT sector, which implies an influence of the US administration on national companies.

Indeed, is not only about jurisdiction in terms of what law applies, but also the fact that most data of European citizens are stored overseas (usually in the US).

An added political/strategic/security issue, then, is that the US Administration can require the firms in US soil (e.g. most of all in cloud services) to access all the data in their silos.

Data portability reduces the risk of lock in as it allows for transferring data from one place to another. In this sense, it also reduces monopolistic practices, reduces the power of the service provider and eases establishing more balanced regulation.

E-Health in the Age of Big Data: The EU Proposed Regulation on Health Data Protection
Panagiotis Kitsos, LLM, PhD. IT Law Team, Dept. of Applied Informatics. University of Macedonia, Researcher; Aikaterini Yannoukakou, Librarian MSc. IT Law Team, Dept. of Applied Informatics. University of Macedonia, PhD candidate

What are the challenges that big data poses in the field of e-Health? Many uses so far: drug data extracted from prescription records, devide data collected from implantable cardiac devices, clinical data collected form medical records and medical images, claims and financial data, patient behaviour and sentiment data, etc. All these are already transforming healthcare.

But there are many privacy concerns, most of the related to the possibility to “re-identify” patients even if their respective data has been anonymised.

Another concern is the right to be forgotten in relationship with health records.

Maybe we have to move from what to protect to how to protect.

Discussion

Barbarà: is consent enough to protect the citizen? Is it informed enough to count as valid?

Ricardo Morte: if there are issues with jurisdiction, it is very likely that the citizen cannot appeal to the Constitutional Court. Is that this way? Is there any “equivalent” at the international/European level? Ortega: the problem comes not in what falls within the framework of the (commercial) agreement, which is quite well contemplated by the current regulation, but in what falls outside of the framework of the agreement, in what is extra-contractual.

9th Internet, Law and Politics Conference (2013)

IDP2013 (VIII): Social Movements

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderator: Rosa Borge. Lecturer, School of Law and Political Science (UOC).

Invited speaker: Techno-politics and 15M. Models, data, hypothesis and analysis of political action in the network society
Javier Toret, Researcher and activist. Author of Tecnopolítica: la potencia de las multitudes conectadas. El sistema red 15M, un nuevo paradigma de la política distribuida.

This research has a different approach from the usual one: there is no theory that aims at being validated by data, but lots of data, an event, that is being analysed to see whether a theory or an explanation can be inferred.

Hacking + activism + netstrike = hacktivism. Technopolitics.

The crisis is a necessary but not sufficient condition for the movement to take place. The narrative and the previous experiences on the net, the evolution of memes (memethics) and campaigns, etc. are very important to set up the movements. In this sense, there is a “migration” of hashtags across several movements. On the other hand, most of the people that participated were already users of social networking sites. And not only social networking sites, but social movements in general: there is a powerful online-offline hybridization of participation.

Technopolitics is not cyberactivism, because it also happens outside of the net; and it is not slacktivism, because there is much more than just uncommitted online politics.

Multilayer approach: the physical layer, the media layer, the technological layer, etc.

Technopolitics is becoming a pattern, and an important one, all over the world’s politics.

Again, there is a high correlation between the online and the offline world, between Facebook groups and local (physical/offline) groups.

A technologically structured contagion took place during the indignados movement. How does this contagion happens? Emotions play a major role, are central in the movement.

Emotions, vocabulary, etc. are really synced during the movement, especially during offline events (and their replica online).

It is important to note the different organizational structures between parties — hierarchic, isolated — and the movement — decentralized, networked.

Spanish Indignados and the evolution of 15M: towards networked para-institutions
Ismael Peña-López, Professor at the School of Law and Political Science of the Open University of Catalonia; Mariluz Congosto, Researcher at Universidad Carlos III de Madrid; Pablo Aragón, Researcher at Barcelona Media Foundation

The study of social mobilization in the age of Big Data
Jorge L Salcedo M, Investigador Grupo Democracia Elecciones y Ciudadanía UAB, Consultor Universitat Oberta de Catalunya; Camilo Cristancho, Investigador Grupo Democracia Elecciones y Ciudadanía, Universitat Autónoma de Barcelona

Central question in social science research: behaviour, communication, information dynamics. And methodological challenges: influence networks, actor attributes and roles, context and case studies.

What are the consequences of social media use on mobilization and diffusion? What are the bridges and commonalities between computer and social sciences?

The aim of the research is finding what is the state of the art of research in the field of mobilization and its relationship with social networking sites. A literature review for the period 2007-2013 was carried on.

Diffusion is based on the adoption of a practice or features through different channels. It depends on the message, the information dynamics, actors and the network structure. Some organizations play key roles in some mobilization processes, and specifically, the resources of these organizations. These resources can also be social capital, linkages and opportunities.

The relationship between actors, indeed, can tell us much about the probability that a movement can go on, can evolve, can grow.

Organizations are usually “sense makers”, they provide good explanations for what is happening in reality, they provide frames, scenarios, diagnosis, identify the main subjects. We know little, though, how the context changes, what are the group dynamics.

Concerning future research, we have to take into account the diffusion processes that involve information dynamics but also practices (tractics, strategies) and cultural norms. On the other hand, are we putting to much hope on Twitter or other social networking sites? We have also to analyze network linkages, formal structures vs. communication dynamics.

9th Internet, Law and Politics Conference (2013)

IDP2013 (VI): Politics

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderator: Ana Sofía Cardenal. Lecturer, School of Law and Political Science (UOC).

Opening new windows: decision-making centralization and online interaction in CIU, ERC and PSC.
Marc Esteve Del Valle. Doctorando del Programa de Sociedad de la Información y el Conocimiento de la Universitat Oberta de Catalunya (UOC) – Internet Interdisciplinary Institute (IN3); Rosa Borge Bravo. Profesora Agregada de Ciencia Política de la Universitat Oberta de Catalunya (UOC) – Internet Interdisciplinary Institute (IN3)

What is the use of the Internet that parties do to “open” themselves and interact with the citizenry.

There are two approaches to ICTs and politics:

  • normalization: nothing is changing, parties will adopt ICTs for their traditional purposes, for their “politics as usual”. The citizenry nor adopts ICTs to participate more or whatever.
  • new mobilization: citizens can initiate their own campaigns thanks to several tools available online. These campaings, though, would be bound to parties, that is, it’s partisans that initiate campaigns to support parties. Networ party (Heidar & Saglie, 2003), cyberparty (Margetts, 2006), citizen initiate campaigns (Gibson, 2013), etc.

Reasons why parties would use ICTs: external context, inner characteristics of the party, position in the electoral market, contagion, etc.

H1: centralized and highly hierarchical parties have less interaction instruments in their websites (centralization index by K. Janda, 1980)
Data show that the three parties do not difer very much in centralization, and they do not difer either in matters of windows of interaction. Thus, evidence that centralization leads to more interaction is very weak.

H2: the degree of centralization does not seem to be related with the windows of interaction that PSC, CiU and ERC provide on their Facebook pages
Concerning the web 2.0, there neither are many differences. Indeed, the thesis of the contagion is very powerful, as there seems to be a pattern where a party initiates a certain activity and the rest copy it not long after.

Though parties showed different strategies and different levels of participation on Facebook, it cannot be stated that this was due to centralization differences. It is very likely, though, that is the state of political news or the political agenda that better shapes the strategies and interactions on Facebook.

To tweet or not to tweet? Social networking strategies in Catalan local governments
Joan Balcells, Lecturer, School of Law and Political Science (UOC); Albert Padró-Solanet, Lecturer, School of Law and Political Science (UOC); Iván Serrano, Researcher, IN3

How can be Twitter used in the context of e-Government? What are the factors of adoption of Twitter by local governments? How is Twitter used by local governments?

Logistic regression on the characteristics of the 947 municipalities in Catalonia was performed to tell the reasons for Twitter adoption. On the other hand, Twitter was mined to retrieve tweets by twitting municipalities and be able to tell the different usages of Twitter by them.

Problem: what (or which one) is the “official” Twitter account in a local government? The more representative one was chosen.

Assumption: if local governments are rationals, they will be on Twitter if the benefits are bigger than the costs of using Twitter.

Characteristics like size of the government, level of e-government, population, public employees expenditure per inhabitant, level of education of the municipality, socio-political mobilization or a change in government in the 2011 elections impact positively in probability of opening a Twitter account. The last issue, a change of party in office, is especially relevant, which stresses the point that in local governments leadership still plays an important role.

Concerning performance, measurements were tweets per week, RT per week, mentions, etc. Larger cities were the ones that performed better on Twitter.

A survey was addressed to Twitter managers asking what was Twitter for. There is major consensus on Twitter for informing citizens. But there is no consensus on interaction with citizens. Again, there is agreemen that Twitter is good for the local administration and for citizens, but there is some level of conflict when asked whether it is good or not for the public employee.

Accounts were grouped in three clusters according to the perception of conflict or not, and the use of Twitter for information or for engagement. And performance is related with perception: if one thinks Twitter is good, the account will do well.

A caveat is that having a Twitter account has consequences for the inner organization of the local government.

Casual Politics: From slacktivism to emergent movements and pattern recognition
Ismael Peña-López. Lecturer, School of Law and Political Science (UOC).

9th Internet, Law and Politics Conference (2013)

IDP2013 (V): Criminal Law

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderadora: María José Pifarré. Lecturer, School of Law and Political Science (UOC).

Digital Surveillance and Criminal Investigation: Blurring of Thresholds and Boundaries in the Criminal Justice System?
John Vervaele. Full time professor of economic and European criminal law at Utrecht Law School (the Netherlands) and Professor of European criminal law at the College of Europe in Bruges (Belgium)

Criminal law is about prosecuting suspects of alleged crimes. To do saw, some agents have coercive and sanctioning power. Within some boundaries and thresholds, which are utterly important. One of them is the jurisdiction to investigate. Only judicial authorities can investigate — or policial authorities under the supervision of judicial authorities. To investigate there must be suspicion, suspicion under a threshold for that: reasonable suspicion, probable cause, indices of criminality… The more the coercive the measure, the higher the threshold. And, very important, those are reactive measures, always ex-post, after a crime has been committed.

But there has been a paradigm change within criminal law itself.

The criminal justice tools/system are more and more used not to combat committed crime, but to prevent not only crime but even risks and threats. That is, to fight for security. Security is legitimating this change of paradigm. On the other hand, under new regulatory statutes, security agencies are being entitled with the powers of criminal justice.

What about the protective side of criminal justice? Protecting security has to be balanced with rule of law and other human rights. And the more the need (the “more security we need”), the lower the thresholds required to pursue criminal investigations. So low, that we have even shifted towards ex-ante actions, towards acting based on suspicions or risks or threats against security. Now, in this new paradigm, criminal justice-like powers are fighting to prevent the commission of crime, not to prosecute the actual commission of crime.

Plus, the Information Society has also influenced criminal justice and criminal investigation.

Having data before any criminal investigation is due, is very important. So, we have gone even further behind the suspicion that a crime will be committed, and we now gather data just in case. We now want to predict behaviour.

Summing up, we have gone from realinzing that a crime has been committed, investigating it and, thus, needing to gather data; to gathering data just in case, perform active surveillance (just in case too), and, in the end, trying to predict a threat that a crime could be committed (before it is actually or ever committed).

The combination of the change of paradigm and the influence of the Information Society on Criminal Law and Criminal Investigation is a major upheaval in the discipline. And it is a fact that this major upheaval is not restricted to national security, but is spreading to all other criminal offences.

New challenges for the protection of privacy in the age of the cloud.
Ivan Salvadori. Professor of Criminal Law and Criminal Computer Law at the University of Barcelona and Postdoctoral Researcher at Università di Verona (Italy)

Many threats of cloud computing: identity theft, computer damages, abusing private information, data theft, hacking/cracking, DDoS attacks, etc.

Entering an information system without permission, and breaking security measures, has been qualified as a criminal act.

The problem with some laws concerning illegal access to information systems is that e.g. employees of cloud servers or insiders will “never” actually break any security measure. But it can be addressed as “remaining” (too much) in the system beyond the managing needs.

In the same line, appropriation and illicit diffusion of codes for accessing information systems (e.g. cracking and distributing passwords) has also been considered crime in several regulation systems.

So, we do not need much more tools than the ones we already have to prevent or punish misuses of data in the cloud or illicit access to cloud systems.

The reform of the European regulation on privacy protection aims at providing a common frame for all these aspects, taking into account access to information, right to be forgotten, etc.

Discussion

Chris Marsden: do we find any historical precedent on this shift on criminal law or criminal investigation? Vervaele: I don’t think there is a recent precedent in such an increasing (con)fusion between the legislative, the judicial and the executive powers, at least not in the modern era.

Julián Valero: is it legitimate the delegate all data and all data management to third parties? Salvadori: depending of the law, this delegation could imply an abandonment of responsibilities and, thus, could be punished by the law. Vervaele: maybe the concept itself of “privacy” is obsolete, and we should begin to speak about “informational self-determination”.

9th Internet, Law and Politics Conference (2013)

IDP2013 (IV): Privacy (I)

Notes from the 9th Internet, Law and Politics Congress: Big Data: Challenges and Opportunities, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on 25-26 June 2013. More notes on this event: idp2013.

Moderator: Clara Marsan. Lecturer, School of Law and Political Science (UOC).

Preserving Privacy in Times of Counter Cyber-Terrorism Data Mining
Liane Colonna. The Swedish Law and Informatics Research Institute. Stockholm University, Doctoral Candidate.

Terrorist use of the Internet: Communicate, recruit, fundraise, train, launch propaganda videos, etc.

Which poses surveillance challenges: filter terrorist communications, locate terrorist communications, uncover terrorist identity hiding, etc.

Data mining:

  • can make sense of huge amounts of data.
  • creates “new” knowledge.
  • can generate hypotheses. You do not need a prior theory.

Data mining is “seeing the forest from the trees”.

Governments cannot disclose their data mining procedures as they would enable criminals to circumvent their practices by changing their behaviour.
How do we get both security and privacy?

The European Court of Human Rights asks for:

  • is there an interference?
  • is the interference justified?

The problem is how to balance legality, legitimacy and proportionality. Are there procedural safeguards that limit the scope of the law?

Analysis of  the European legislation on transfers of Passenger Name Record (PNR) within the framework of the fight against international terrorism
Alicia Chicharro. Profesora contratada doctora de Derecho Internacional Público de la Universidad Pública de Navarra

What happens when huge amounts of data are transferred to national security agencies? Usually, security wins in the trade-off with privacy.
When different countries require the collection of data from air voyagers, some incompatibilities may arise between different countries’ regulations. What to do? What can airlines do to accomplish both regulations (origin and destiny)?

The European Union has bilateral agreements with the US, Canada and Australia. And all of them are different among them: they have different goals, different sets of data to be shared/transmitted are defined, different time-spans where data can be used, and, indeed, they all rely on the domestic (destiny) regulation to be able to tell what rights to apply to the European citizen facilitating their data.

One of the problems with EU regulation on international data transission is that it has always been reactive to the demands of third countries. The EU should be more proactive and try and agree on shared regulation that lies within some red-lines drawn by the EU itself.

Protection of personal identity in face of untrue statements on the web
María Dolores Palacios González. Profesora Titular de Derecho civil de la Universidad de Oviedo.

What happens when a person is attributed the authorship of a text they have never written? Can they claim “non-authorship”? To whom? How? e.g. the Wikipedia entry for a write attributes to him being the author of a work when they are not the authors, and the Wikipedia managers will not change the entry despite the “author” clarifying that they never wrote that piece.

Some laws (e.g. in Germany) consider illicit attributing to someone writings that they never penned, especially when these writings can confuse the image or the personal identity of that person, e.g. by identifying them with ideologies that they do not share.
This would be a right to one’s identity but not from the usual approach of the issue. This may be necessary as the Internet has changed dramatically the potential to alter one’s words or ideas. And there is no other approach to this issue from other perspectives: privacy, identity, intellectual property rights, etc.

Maybe the best approach would be the one that applies to mass media: the right to rectification, that is, the right to be presented in society the way one wishes best. The problem is that the Internet has multiplied the difficulties to identify what is a medium, who is the owner/administrator, who is the responsible for a specific bunch of content, etc.

Discussion

What should be stored and what can be already been used “because it’s out there”? Colonna: sure the line should be laid around the principle of proportionality… wherever this principle may lay.

Clara Marsan: Is there any research on the impact on privacy vs. the performance of surveillance practices? Literature on “traditional” surveillance usually says that the impact on privacy is much bigger than the successes against terrorism. Colonna: the problem is that most of this information is classified, so there is no way of telling the impact or the benefits of digital surveillance.

9th Internet, Law and Politics Conference (2013)