ICTlogy

Moderator: Clara Marsan. Lecturer, School of Law and Political Science (UOC).

Preserving Privacy in Times of Counter Cyber-Terrorism Data Mining
Liane Colonna. The Swedish Law and Informatics Research Institute. Stockholm University, Doctoral Candidate.

Terrorist use of the Internet: Communicate, recruit, fundraise, train, launch propaganda videos, etc.

Which poses surveillance challenges: filter terrorist communications, locate terrorist communications, uncover terrorist identity hiding, etc.

Data mining:

• can make sense of huge amounts of data.
• creates “new” knowledge.
• can generate hypotheses. You do not need a prior theory.

Data mining is “seeing the forest from the trees”.

Governments cannot disclose their data mining procedures as they would enable criminals to circumvent their practices by changing their behaviour.
How do we get both security and privacy?

The European Court of Human Rights asks for:

• is there an interference?
• is the interference justified?

The problem is how to balance legality, legitimacy and proportionality. Are there procedural safeguards that limit the scope of the law?

Analysis of  the European legislation on transfers of Passenger Name Record (PNR) within the framework of the fight against international terrorism
Alicia Chicharro. Profesora contratada doctora de Derecho Internacional Público de la Universidad Pública de Navarra

What happens when huge amounts of data are transferred to national security agencies? Usually, security wins in the trade-off with privacy.
When different countries require the collection of data from air voyagers, some incompatibilities may arise between different countries’ regulations. What to do? What can airlines do to accomplish both regulations (origin and destiny)?

The European Union has bilateral agreements with the US, Canada and Australia. And all of them are different among them: they have different goals, different sets of data to be shared/transmitted are defined, different time-spans where data can be used, and, indeed, they all rely on the domestic (destiny) regulation to be able to tell what rights to apply to the European citizen facilitating their data.

One of the problems with EU regulation on international data transission is that it has always been reactive to the demands of third countries. The EU should be more proactive and try and agree on shared regulation that lies within some red-lines drawn by the EU itself.

Protection of personal identity in face of untrue statements on the web
María Dolores Palacios González. Profesora Titular de Derecho civil de la Universidad de Oviedo.

What happens when a person is attributed the authorship of a text they have never written? Can they claim “non-authorship”? To whom? How? e.g. the Wikipedia entry for a write attributes to him being the author of a work when they are not the authors, and the Wikipedia managers will not change the entry despite the “author” clarifying that they never wrote that piece.

Some laws (e.g. in Germany) consider illicit attributing to someone writings that they never penned, especially when these writings can confuse the image or the personal identity of that person, e.g. by identifying them with ideologies that they do not share.
This would be a right to one’s identity but not from the usual approach of the issue. This may be necessary as the Internet has changed dramatically the potential to alter one’s words or ideas. And there is no other approach to this issue from other perspectives: privacy, identity, intellectual property rights, etc.

Maybe the best approach would be the one that applies to mass media: the right to rectification, that is, the right to be presented in society the way one wishes best. The problem is that the Internet has multiplied the difficulties to identify what is a medium, who is the owner/administrator, who is the responsible for a specific bunch of content, etc.

Discussion

What should be stored and what can be already been used “because it’s out there”? Colonna: sure the line should be laid around the principle of proportionality… wherever this principle may lay.

Clara Marsan: Is there any research on the impact on privacy vs. the performance of surveillance practices? Literature on “traditional” surveillance usually says that the impact on privacy is much bigger than the successes against terrorism. Colonna: the problem is that most of this information is classified, so there is no way of telling the impact or the benefits of digital surveillance.

Moderator: Marc Vilalta Reixach. Lecturer, School of Law and Political Science (UOC).

Regulating Code: Towards Prosumer Law?
Chris Marsden. Professor of Law, Law School, University of Sussex
Ian Brown. Senior Research Fellow at the Oxford Internet Institute, Oxford University

(Communication after the book Regulating Code. Good Governance and Better Regulation in the Information Age by Brown and Marsden).

We certainly are prosumers, but we are sure not super-users or geeks. Most US academic arguments for self-regulation may work for geeks, but not for the remaining 99% of users/prosumers.

What regulation teaches us about code? We need more ex-ante — added to ex-post — intervention. More interoperability and open code/data procurement. And a certain biased policy towards open code.

Prosumer law suggests a more directed intervention: solutions for problems of dominant networking sites, preventing erecting fences around a piece of information and the commons, etc.

It is not sufficient to permit data deletion, as that not only covers the user’s tracks. Interconnection and interoperability, more than transparency and theoretical possibility to switch. The possibility for prosumers to interoperate to permit exit.

Increased interoperability would increase transparency while not increasingly “data hazard”.

Regulation as a Mechanism to Encourage Competition in the Area of Telecommunications: Towards the Concept of Emulated Competition
Humberto Carrasco Blanc. School of Law, University of Edinburgh, Doctoral Research Student

Neoliberalism is about liberalization, deregulation and privatization. The underlying idea is to boost competence, understood as a good thing. In telecommunications, we are moving from sectoral regulation to competence law. The question being: what is better, sectoral regulation or competence law? Or are they both compatible? Or is it a matter of time, being sectoral regulation good for the early stages and as a temporal solution, until competence law can be the main tool at use?

Some examples in the US show that sectoral regulation is incompatible with competence. In these cases, sectoral regulation prevailed over competence law.

On the other hand, in Europe cases have proven the compatibility between sectoral regulation and competence law.

In the case of Chile, after a very early (de)regulation of the sector and a major preponderance of competence law, some new sectoral regulation was approved especially to protect some “public goods” based on telecommunications.

Emulated competence would be a legal framework whose aim would be promoting competence (thus acting as competence law) but including some ex-ante conditions (regulation) to protect some specific goods and services. An underlying goal is to promote competence to end up with monopolies, but trying to avoid actual oligopolies.

Big Data in Public Administrations: the difficult equilibrium between efficacy and the guarantee of citizen’s rights
Julián Valero Torrijos. Profesor de Derecho Administrativo. Universidad de Murcia. Coordinador del grupo de investigación iDerTec (Innovación, Derecho y Tecnología)

How can big data be used by governments to issue sanctions? But it is not about “digitizing” the Administration, but about innovating processes. For instance: could Big Data be used to check whether the declared income to the tax agency fits with the perceived wealth/consumption-level of a specific citizen on social networking sites?

What are the legal consequences of such an action?

Discussion

Agustí Cerrillo: how does the new Spanish Transparency Law fits in the era of Big Data? Valero: it does not. It is a Law that will be born already old.

Hildebrandt: what happens with reutilization of public information? Can the government reuse it (even for different purposes for the ones which citizen information was provided for)? Valero: on the one hand, why not? why not enabling reutilization of public information? On the other hand, there is a issue concerning privacy. Dissociation of information and identity would be an option, but the problem is that it is becoming increasingly easy to perform reverse engineering and relate identities to information. Of course, different finalities my require consent, but that would put a lot of stress on the government’s part. Maybe transparency (letting the citizen know all the different purposes) would settle the problem.

Mireille Hildebrandt. Professor of Smart Environments, Data Protection and the Rule of Law at the Institute for Computing and Information Sciences (iCIS) at Radboud University Nijmegen
Slaves of Big Data. Are we?

Big data says that n = all.

We are worshipping big data, believing in it, as if it was “Godspeech” that cannot be contested. But it is developed by governments, businesses and scientists.

Defining Big Data

Things one can do at a large scale that cannot be done at a smaller scale, Mayer-Schönberger & Cukier.

The non-trivial process of identifying valid, novel, potentially useful, and ultimately understandable patterns in data, Fayyad et al.

We assume that machines can learn. Despite this being true, the question is whether us (humans) can anticipate this learning and make it useful.

Normally, quantitative research means assuming a hypothesis, a test upon a representative sample, and trying to extrapolate the results of the sample on the general population. But big data, as the sample grows, uncertainty reduces. This has implied a movement towards ‘Datafication’, where everything needs to be recorded so that afterwards it can be treated. We translate the flux of life into data, tracking and recording all aspects of life.

Exploiting these data is no more about queries, but about data mining. And creating ‘data derivatives’ which are anticipations, present futures of the future present (Elena Esposito). And it is also about a certain “end of theory” (Chris Anderson) where a pragmatist approach makes us shift from causality (back) to correlation. We also move away from creating or defining concepts, which in turn shape the way we understand reality. We move from expertise to data science. Are we on the verge of data dictatorship? Is this the end of free will?

There are novel inequalities dues to new knowledge asymmetries between data subjects and data controllers.

What does it mean to skip the theory and to limit oneself to generating and testing hypotheses against ‘a’ population?

What does the opacity of computational techniques mean for the robustness of the outcomes?

Personal data management in the age of Big Data

Should we shift towards data minimisation? Towards blocking access to our data?

New personal data typology needed for data protection: volunteered data, behavioural data, inferred data.

The ones performing profiling after Big Data, for data protection to be a protected right, these agents should provide all kinds of information on how this profiling is being made, with especial attention to procedures and outcomes.

If we cannot have “privacy by design” we should have personal data management, context aware data management.

Personal data management: sufficient autonomy to develop one’s identity; dependent on the context of the transactions; enabling considerations of constraints relevant to personal preferences (Bus & Nguyen).

A rising problem: we will eventually be able to market data and make profits from it. Do we have any ethical approach towards the way these data were obtained? or how and when were they created?

Who are we in the era of Big Data?

Imperfection, ambiguity, opacity, disorder, and the opportunity to err, sin, to do the wrong thing: all of these are constitutive of human freedom, and any attempt to root them out will root out that freedom as well, Morozov.

So, where is the balance between techno-optimism and techno-pessimism?

Luhmann’s Double Contingency explains how there is a double contingency in behaviour and communications, as one can choose from different options how to act, but this action will have different ranges of reactions on third parties. Are we preserving this double contingency in the era of Big Data? Do big data machines anticipate us so much that we get over contingencies at all?

What if it is machines that anticipate us? What if we anticipate how machines anticipate us?

Caveats

• Datafication multiplies and reduces: N is not all, not at all.
• We create machines like us… do we increasingly are like machines?
• Monetisation as a means to reinstate double contingency. Total transparency by means of monetisation.

Can we move from overexposure to clair obscure? Can we build data buffers to avoid overflow?

Discussion

Chris Marsden: How can we make policy-makers take into account all these important issues? Hildebrandt: there are two big problems with Big Data (1) enthusiasm that Big Data will solve it all and (2) huge business opportunities of business around Big Data. There sure is a way to “tweak” business models so that privacy and business opportunities and innovations can actually coexist. Capitalism sure has ways to achieve a balance.

Hildebrandt: big data, monetisation, etc. will surely change the ones we are. The question being: should we be always the ones we are? Instead of privacy, we should maybe shift to concentrating on transparency, on knowing what things happen and why things happen. For instance, can we put more attention on what we need to solve and not in what solutions are available? That is also transparency.

Moderator: Miquel Peguera. Lecturer, School of Law and Political Science (UOC).

The Exceptions’ Sun Also Rises: When Fair Use Is the Solution.
Pedro Letai. Professor of IE Law School

There is a need to restore the legitimacy of copyright. But, of course, re-balancing its role before other rights. And we have to go back to the origins of copyright: incentivating creation.

These incentives have limits and exceptions: private copying, incidental use, academic use, quotation, parody, etc. But these limits should not be harming the legitimate activities of rights holders.

The problem is that users (user generated content), search engines, etc. are doing cutting edge uses that are not appropriately contemplated by the Law.

So, the norm should be a little bit more open so not to harm neither the creation of authors nor the creation by non-professionals, the diffusion of the creation of the former or just emerging industries based in digital content.

3d Printing, the Internet and Patent Law – A History Repeating?
Marc Mimler. Queen Mary Intellectual Property Research Institute, Centre for Commercial Law Studies (CCLS), Queen Mary University of London

3D printing was initially thought for rapid prototyping. 3D would normally begin with a designer drawing the blueprints of the object to be printed, but scanners have evolved enough to be able to scan 3D objects, map them and then be able to replicate them on 3D printers.

Some advantages: reversing offshoring low-cost labour economic activities, reducing the environmental impact by reducing transportation of goods, empowerment for the end user that can now print their own designs, etc.

On the other side, 3D printing can imply direct patent infringement (creating replicas and counterfeit). But also indirect patent infringement, as virtually anyone can create those replicas.

There are some differences though: how the invention is put into effect, how the patented product is produced (as sometimes the process is part of the patent, or sometimes it is just the process what is the object of the patent), etc.

3D printing means that is not only copyright that has to be rethought in a new digital realm, but also patent law.

Intellectual Privacy: A Fortress for the Individual User?
Irina Baraliuc.Research Group on Law, Science, Technology & Society (LSTS), Vrije Universiteit Brussel (VUB), doctoral researcher

There is a public debate on fundamental rights in the digital context, which has ensued a judicial activity on the balancing of fundamental rights.

Julie E. Cohen defines intellectual privacy as the breathing space of intellectual activity: informational privacy, spacial privacy. Neil M. Richards speaks of ability do develop ideas without any interference: freedom of thought and believe, spatial privacy, freedom of intellectual exploration, confidentiality.

These concepts are very related with privacy, data protection, freedom of thought, freedom of expression… and copyright.

Concerning privacy and data protection, there are some points to be made: how the lack of copyright in the private space can affect creationor intellectual privacy; how DRM can affect it too, etc.

Surveillance can affect freedom of thought and thus creation, intellectual activity and intellectual privacy.

We have the build a copyright-concerned private space online, taking into account intellectual “privacy” or “freedom”, “self-determination” or “autonomy”.

Discussion

Pedro Letai: more that having a comprehensive approach, what we should be thinking about is that there is a change of paradigm (from “everything closed” to “everything open” by default). And maybe regulations should be made according to the later paradigm, and thinking more on diffusion of one’s work, rather than (only) providing incentives to creation (of new works).

Fundació puntCAT — the organization behind the .cat “country” code top-level domain (ccTLD) — is going through a process of strategic reflection on what should its mission be in the following years. As a part of its Advisory Council, I have been invited to provide my insights. Here comes what could be called my “position paper” on the matter. Some of the ideas have been enriched with the dialogue with other members of the Advisory Council, which actually shared most of my points of view.

The need for a transversal, independent institution to foster the Information Society

There are two main issues to be raised about the nature of an institution that has in their mission fostering the Information Society.

The first one is that it has to have a transversal, multidisciplinary approach to the topic. This is rarely found in governments, where such an institution is placed in the organizational chart of a another vertical institution, that is, a given ministry or department. In practice, this means that if the institution is e.g. the Ministry of Industry, the approach when fostering the Information Society will definitely be biased towards infrastructures and the ICT/telecommunications industry — which is the most common example indeed. A solution to this problem is placing our institution that fosters the Information Society up in the department/ministry/cabinet/secretariat of the President or similar. This will work only under two premises: (1) there is no coalition of different parties within the government, so that the government is not split in practice in sub-governments among parties; (2) there are no different factions within the party in the government that fight among them for power — this will rarely happen if ever. Another solution is placing our institution outside of the Government and in hands of the civil society.

The second aspect is that this institution has to be independent. Some of the reasons have already been stated above: only an independent institution can provide advice to policy-makers in matters of Health, Education or Democratic Quality without the risks of being interpreted as a party issue (and not a technical one). But independent does not only means in political terms, but economic ones. A major strength that some institutions of this kind have — like Fundació puntCAT or ICANN itself — is that they have revenues that sustain their activity besides the political colour in the government or the interests of the lobbies.

Functions of an institution to foster the Information Society

There are two sides of the same coin when talking about the functions that can be carried on by institutions to foster the Information Society.

On the one hand, these institutions can provide services in order to assure economic (and political) independence and sustainability. Of course these services will be related with the institution’s mission (e.g. managing a ccTLD). This is the “revenue” side of the institution, especially if it is independent as we defined it before. On the other hand — and this is the point that I would like to stress —, these institutions have an “expenditure” side which focuses on policy-making, on lobbying. Both sides are complementary and essential.

Concerning the part of policy-making and lobbying, I think it is worth mentioning that it is the demand side what is of more concern, especially where a good amount of infrastructures have already been deployed, thus shifting from push to pull strategies.

In this demand-side, pull-strategy approach, there are three issues that are worth being mentioned, and in this specific order:

1. Measuring and analysing the state of development of the Information Society. That is, knowing what is happening and, even more important, why. So, it is not only about the raw measurement and putting data in rows in a table, but putting it in context with other socio-economic indicators, infer the causes of this state of development, its consequences, comparing it with other social or economic realities, etc. Most of the times, data on ICTs come in a much aggregated and sector-centred manner: there is a need to disaggregate, contextualize and characterize these data so that they become knowledge.
2. Provide policy advice on what should be done, in what fields, with what priorities, and adjusting to the available resources. And not only providing advice, but also pointing at the ways to monitor the evolution and measure the impact of applying such policies, what results could be expected and, again, why. Providing policy advice can be made in a lot of ways. The usual one is reports or white papers. But consultancy (which can be pro-bono, of course) and lobbying should also be included in the agenda. And, of course, advice can be provided at different levels: at the state/government level, or at the organization (e.g. SMEs) or individual levels.
3. Directly setting up and carrying on programmes for the development of the Information Society. In other words, designing programmes and executing projects in the field of e-Health, ICT and education, electronic and open government, etc. These programmes and projects, of course, should be very much in line of the two previous points: heavily relying on the evidence raised in the measuring and analysis part, and putting in practice what the policy-advice stage suggested. Deploying protocols and procedures, measuring tools and indicators for monitoring would be the nicest way to close the (virtuous) circle of intervention.

It goes without saying that, in a Network Society, it is not expected that an institution will (a) directly perform all of the aforementioned tasks or functions and (b) do it on its own. I believe there is an opportunity for a new institutional design, more based on enabling that on leading, more based on networking and partnering rather than on competing. I would expect of an institution designed to foster the Information Society to be the visible core of a network of professionals, scholars and policy-makers that work towards the same goal. And the main role of this institution would just be generating the sufficient resources to create, maintain and fuel this network.

Round table on Citizen participation and presence of the Parliament in the Net. Chairs the Vicepresidente 1º del Senado D. Juan José Lucas.

D. José Antonio Manchado Lozano. Senador del Grupo Parlamentario Socialista.

Citizens have to participate, to engage in the management of public things.

Institutions can ignore them, listen to them or even sit and talk with them. Given the fact that politics is hugely discredited, it is maybe time to sit and speak with people in order to regain legitimacy and trust in institutions.

There is a big difference between transparency, which is a responsibility of institutions, and participation, which comes from an engaged citizen. Transparency is the duty of institutions, participation is a right of the citizen. And participation has to be fostered. Participation is not only be informed, or accountability, or tell one’s opinion, but being also able to have an influence in decision-making. So, the Senate — and Parliaments in general — should enable the participation of citizens in their daily work, so that nothing that happens within the Parliament’s walls has not been co-participated by the citizens.

It is important noting that the world wide web does not begin and end in the Senate’s web page: this is only the institutional headquarters of the Senate, but people are everywhere in the Net, especially social networking sites.

D. Narvay Quintero Castañeda. Senador del Grupo Parlamentario Mixto.

The website of the Senate could turn into another chamber, to be added to the existing parliamentary groups, commissions, etc. Websites or social networking sites can be used to bridge the chasm between the citizenry and politicians as they are open gates for information sharing and conversation.

D. Ismael Peña-López. Profesor de Derecho y Ciencias Políticas de la Universitat Oberta de Catalunya.

D. David Álvarez. Analista Político en Redes Sociales.

Who are the actors of online politics?

• Citizens as individuals: they are not waiting to participate, they are already participating in political initiatives. E.g. Qué hacen los diputados, Proyecto Avizor, Graba tu pleno, Tu Derecho a Saber, Stop Desahucios, Democracia 4.0.
• Politicians as individuals.
• Political organizations.
• Institutions.
• Media.

Citizen activism in the Net:

• Intensive use of social networking sites.
• Collective intelligence: collaboration, participation, co-creation.
• Financing practices: crowdfunding.
• Data journalism-based practices.
• Elimination of intermediaries.
• No one has the exclusivity of knowledge.
• Shared political experiences.

Political institutions are not usually very active in social networking sites. Indeed, there are more people not directly related with political institutions talking about them on social networking sites than people directly related with these institutions.

Survey on “Social intelligence” by Territorio Creativo:

• Does the institution measure the impact of its communication on the Net?
• Does the institution have spaces for interaction and collaboration?
• Does the institution have a protocol for interacting with the citizen in social networking sites?
• Does the institution listens to what is being said in social networking sites?
• Does the institution measure its online reputation?
• Does the institution use the Internet for pattern recognition, to identify behaviour trends?
• Does the institution share information within the institution?
• Does the institution foster open innovation?