Over 80 participants gathered in this workshop to talk about the balancing act between security and law enforcement on the one hand and individual rights to freedom of speech, to having a free flow of information, and rights to privacy on the other hand.
Panelists were Milton Mueller (privacy advocate and professor at Syracuse University), Katitza Rodrigues (EFF, international rights director), Cornelia Kutterer (Microsoft), Iarla Flynn (Google's Head of Public Policy for Australia and New Zealand) and Alexander Seeger (head of Cybercrime Division in the CoE). Moderator was Emily Taylor (independent consultant in Internet Law and Governance).
Companies and government institutions across the globe are increasingly under attack from hackers, criminals and hactivists, while non-democratic countries and governments increasingly turn to digital surveillance tools to monitor their citizens online. Human rights activists and NGO’s fight for fundamental rights on the web, including data protection, while Web 2.0 developers declare privacy as something of the 20th century . This workshop looked at the merit of these assumptions.
Cornelia Kutterer began by setting out that times in European politics are exciting, because in many countries governmental policy is currently being revised. Think of the draft privacy regulation and the intermediary liability that are currently discussed, the new child safety strategy that is put in place, and the forthcoming European cyber security strategy to be issued by the European Commission. She has also noticed that similar developments are taking place in other member states and that they actually refer to each other, which Cornelia thinks is a good thing. Most of the European national cyber security strategies that are emerging in member states do actually include openness and freedom as well as cyber security.
But the devil is in the detail, Cornelia warned. For example, in order to secure accounts of customers, sometimes information needs to be shared. And that is now recognized in the draft privacy regulation. But only in a short recital. It must be clearer that information in particular circumstances may have to be shared.
Milton Mueller approached the question from a social scientist point of view, who study basically science technology and society. He explained the ins and outs of Deep Packet Inspection (DPI) and what went wrong there. Deep Packet Inspection was meant to manage and control band width. Many of the Internet service providers made the mistake of simply implementing this, just because they had the unilateral power to do so, without notifying their customers, and without having any kind of permission, which you would normally expect them to do, when implementing new technologies. But when these technologies are disruptive and mix up power in relationships among actors, that's when things go wrong, he said.
Milton also calls for activists, activist organizations, net neutrality activists, privacy activists to constantly monitor, survey the survey users, and to actively make a statement when something happens that they think is rebalancing or unbalancing rights. Because usually the government in terms of traditional data protection regulation is not very thorough with new technologies until a problem arises. According to Miltons research ‘digital referees’ will have quite an important role to play.
Katitza Rodrigues said the role of society is very important for actually monitoring and seeing to what companies and governments do, how they collect and access our data, whether or not they use them and whether or not they have legal grounds to access it. Not only governments but also companies should notify users when particular data are in demand more than usual. Katitza thinks there is a lack of transparency and secrecy within governments and she pleads for principles that determine how governments have to deal with data.
Iarla Flynn thinks that privacy must be underpinned by good security. He agrees with Katitza that one of the key things is transparency. Google actually launched a report in 2010, the Google Transparency Report, which lists and shows in table and map format all the requests that they get from governments around the world for access to user data. Iarla admits that in many cases it is important to provide such data, because they believe they are valid requests. However, they check them all nonetheless.
It is also about proportion and balance, Iarla said. He thought there's a proportionality principle. The police does need some powers to fight crime, but we need to get the balance right between the risks and costs that those powers might create versus the benefit for society and successfully tackling crime.
Alexander Seeger disagreed as he thought it is not a question of balance. He said governments have positive obligations to protect citizens, society, against crimes because crime affects the rights of individuals. He pleaded for better justification if governments wanted to interfere in the rights of people. There is a need for rules that respect fundamental rights, rule of law, Human Rights issues but also data protection issues. Therefore Microsoft, ISP organizations and police agencies together developed guidelines on how law enforcement and ISPs could cooperate in a constructive manner while respecting those principles, he concluded.
Cornelia Kutterer reacted by saying that those recommendations do not sufficiently cover how service providers should implement guidelines and that those recommendations do help companies to actually implement in a corporate social responsibility way. She also mentioned the Global Network Initiative (GNI) , which Microsoft and Google participate in. GNI is a non-governmental organization with the dual goal of preventing Internet censorship by authoritarian governments and protecting the Internet privacy rights of individuals.
Katitza added that cooperation of companies is sometimes not so much voluntary but that it is rather political pressure which makes them comply with certain obligations. She pleads for the discussion to focus more on granularity, to create more obligations for this kind of conduct.
Iarla reacted by remarking that a lot of good principles are being developed. They may have some overlap but that’s not really a problem. The good thing is that a lot of work is going on that helps guide the development of good public policy in this field. Next he started a debate about something that was happening in Australia right then, where they wanted to implement legislation which requires the retention of various types of data for two years.
Someone in the audience emphasized that retention of data is important because sometimes crimes are not discovered on the spot or directly after the deed has been committed, so it's very important to find proof, he said.