Wednesday, March 30, 2016

Seminar 5 Position Statement: Prof. Peter Mantello

The Machine that Ate Bad People:    

The Bio-politics of Sentient Machines, Anomic Spaces, and Neo-Security Assemblages

 Prof. Peter Mantello,

Ritsumeikan University, Japan

The rise of smart cities, intelligence sharing fusion centers, RFID chips, and intrusive  biometrics highlight the growing imperatives of bio-political regimes to impose efficiencies  in all facets of human existence, and, importantly, manage uncertainty. Since 9/11, the  politics of pre-emption and economy of risk have created an increasingly porous alliance of  law enforcement/security agencies, communications/tech companies, and other corporate  enterprises dedicated to constructing a multi purposed, networked juridical and disciplinary  neo-security assemblage. Initially premised on identifying threats by data mining  purportedly suspicious forms of online behavior from search habits, financial transactions,  credit card purchases, travel history and email communications, next generation security  systems have shifted their operational focus from nescient machines that simply connect  given dots from the past to becoming intelligent, assemblages capable of integrating data  from a multitude of nodes in order to foresee the future. 
The most salient feature of predictive analytic assemblages belongs to burgeoning field of  computational science known as  machine learning , where computers learn to think for  themselves by sifting massive volumes of data to ascertain patterns and discern anomalies.  For example Hitachi’s Visualization Suite for Public Safety 4.5 suggests that the key to  ‘better’ government lays in the visual and geospatial integration of public and private fix  and moving assets  (Hitachi, 2015). Such developments will be amplified through continued  advances in distributed computer systems, quantum processing, and effectively limitless  data storage. 
While beta versions such as Hitachi’s are now being piloted in real world environments, the  political and social implications are far reaching and understudied. Not only are such  assemblages predicated on the continued normalization of exception, they allow risk  regimes to make the public and private distinction more elastic and in turn, threaten  fundamental privacy rights by encouraging the widening of its physical nodes. This includes   deputizing  [or simply appropriating] private/commercial surveillance cameras, GPS  devices, and social networks, and encouraging the proliferation of eavesdropping tools in smart phones, web browsers, TV sets, game consoles. The extension of juridical reach and disciplinary sight is also augmented through the growth in consumer oriented mobile  security products that encourage voluntary buy in to the neo security assemblage, such as  the iPatriot smart phone app that networks  patriotic citizens , allowing them to report  suspicious activities and persons directly to federal agencies and transit authorities.  Moreover, sentient assemblages are largely driven by neoliberal incentives to take human resource (and the state)  out of the security loop and –as the argument goes -  increase  efficiency, eliminate human error and insider threats. For citizens, they imply accepting  control as the price of safety.  And the lack of human oversight also implies an anomic gap  (of sovereign authority) when deciphering the norm from the anomaly at the point of  action, as well as the opacity of political accountability in the event of the inevitable false  positives.
This paper examines the biopolitics of securitization when data led regimes empower  sentient neo-security assemblages as surrogate forms of sovereign authority and decision.  Projecting the writings of Massumi, Agamben and Amoore into the realm of sentient  machines, I argue that while such assemblages seek legitimacy by offering the widely  admired [if often unproven] predictability, impartiality and objectivity of techno- scientific  solutions their ultimate goal is merely to preempt immediate threats to the body politic by  extending juridical reach and disciplinary sight. I also explain the longer term effects—and  arguably intent—of sentient neo-security assemblages is to preserve the domains of their  masters, who will control immense existential and predictive data that will allow them to  shape public perceptions and quell possible opposition, thereby ensuring the exception  incontrovertible and infinite life. 

Seminar 5 Position Statement: Dr. Madeline Carr

Madeline Carr,
Politics & International Relations, Cardiff University
Connecting the Micro and the Macro in the Data PSST Project
There are a number of points of tension that arise when we begin to discuss issues of privacy, surveillance, security and trust – many of them have been explored to great advantage in the  previous seminars and many of them will feature in the special journal issue that will be produced at  the end of this process. In a way, though – the central tension arises from the question of perspective, and consequently, definition. Privacy to do what? Communicate with friends or plan  criminal activity? Security of what? The individual or the state? Surveillance by what means? By  CCTV cameras that we can see and are aware of? Or by methods like those used in the Prism  program about we are uninformed and have not given consent? In many ways, these tensions come  down to collective or individual conceptions of these four key terms. And in many ways, these  tensions are indicative of broader fears and concerns that animate contemporary (Western   societies.
With this seminar, we hope to bring into the conversation some of the challenges of reconciling  these tensions across borders. In the international. Beyond the state. Of course, thinking in terms of international relations when discussing the Internet or other digital technologies is, some will argue,  counter intuitive or even out dated. And to some extent, that may be the case. Digital technologies certainly challenge conceptions of borders, states, territory and even political communities in a  whole range of interesting and profound ways. But governments remain important actors in these  practices and they also remain important representatives of individual rights. Although we may disagree with many government approaches to the issues we have been discussing over the past 18 months, there remains an important relationship between civil society (or let’s just call them people) and the state. And to an extent, this relationship already transcends individual rights and expectations of privacy and security.
We believe that it is essential to take into account the international dimension if we wish to fully  comprehend what digital technology means for the individual. And knowing that individual conceptions of these issues vary so significantly, it will be no surprise that state level conceptions do  as well. How then, do we begin to unravel the tensions that have been so well articulated in these  seminars when we look beyond the state? What are some of the key challenges of harmonising international approaches to these tensions? And if we accept that a universal approach is unlikely, how do we begin to think about a more plural approach that can accommodate difference? I believe  that ideology and a whole range of assumptions about the ‘good’ or ‘bad’ of different approaches  inhibits thinking more creatively and more progressively about what, at the end of the day, are  questions fundamental to the human condition. And to human rights.

Seminar 5 Postion Statement: Dr Rocco Bellanova

‘Data protection thinking’ – understanding its potential and testing its limits against mass-surveillance

Rocco Bellanova

Peace Research Institute Oslo (PRIO) and Université Saint-Louis – Bruxelles (USL-B)

The main goal of this contribution is to sketch a critique of what I suggest to call ‘data protection thinking’. The purpose is to both understand its potential and test its limits when it comes to grasp and possibly resist mass-surveillance.
If privacy is said to be dead, data protection regulation might be considered alive and kicking. A major reform of its European Union (EU) legislative framework is close to formal adoption, after four years of debates and several hundred amendments. Eventually, the two new EU legal instruments should deeply influence the everyday of a myriad of different actors, from European governments to individuals and companies around the world. Data protection has also been at the centre of recent judgments of the EU Court of Justice. Two prominent cases - concerning the Data Retention Directive and the Safe Harbour Decision – touched upon key features of contemporary mass-surveillance practices: their international dimension and their public-private entanglement. Actually, discussions about the role and capacity of data protection to regulate and contain surveillance should be no surprise in a context marked by the proliferation of devices producing digital traces and of algorithms promising far reaching detection and prediction capabilities.
Actually, data protection and security measures increasingly operate, if not always at the same time, at least on the same elements. For example, when it comes to the introduction of EU or international schemes for the surveillance of Passenger Name Records (PNR), passenger data become the site of both the actions and interactions of data protection and security practices. However, a closer analysis of the encounters between data protection and surveillance invites us to stop conceiving data protection only in terms of a (residual) counterpoint to data-driven governance, but rather as a proper form of governmentality. In other words, data protection actively participates both to the government of people and things through data, and to the questioning of specific forms of governing. It is both government – a continuous effort of dis/ordering – and mentality – the reflexive effort to make sense of different forms of dis/ordering.
This obliges us to engage even more closely with ‘data protection thinking’, because its governmentality is neither univocal nor self-sufficient. On the one hand data protection thinking helps us interrogate the way in which specific security practices are deployed, and the way in which they capture, enrol and bend many diverse elements (such as passengers, regulations, commercial services, software). But data protection thinking often plays a substantial role in the deployment of these security practices: it can legitimize, influence and smooth their design and implementation.
I believe that, far from being the golden solution to mass-surveillance, data protection thinking can teach us something worthy. I will attempt to show social sciences scholars the pros and cons of embracing data protection thinking: as research object and/or as epistemic mind-set. To do so, I propose a brief exploration of the making of the EU PNR security program, the first European big data surveillance system.

Tuesday, March 29, 2016

Seminar 5 Position Statement: Dr Paul Lashmar

The Problems of Accountability in an Age of Mass Surveillance

Paul Lashmar

University of Sussex

If you go to the Cryptome website submissions for the 10 February 2016 you will find a document marked GCHQ Malware /Boing Boing. It is a GCHQ document “HIMR Data Mining Research Problem Book” shared by the Five Eyes and one of the documents leaked by Edward Snowden that has been released into the public domain. It is marked ‘UK TOP SECRET STRAP1 COMINT US/CAN/NZ/UK/US EYES’.

Snowden says of the document: “This GCHQ research report dated 20 September 2011, co-written by researchers at Heilbronn Institute for Mathematical Research HIMR based at the University of Bristol, concerns the use of data mining techniques to develop usable intelligence as well as the contradictions that arise from the use of algorithms to identify wrong doers, or potential wrong doers. The paper also provides a great deal of background information on GCHQ operations and the detailed discussion of network theory demonstrates the power of metadata collection.”

Putting aside academic involvement in intelligence, the issue this document brings to the fore is this: Here is a 99 page document on big data problems for GCHQ and the complexity of the programmes, methods and mathematics it refers to is such that you would have to have a good level of knowledge of GCHQ projects and a good grasp of relevant programming and associated maths to make much sense of the content. And this document was written for a wider than a specialist audience!  I chose this document not at random, as I was just updating myself with what had been recently added to Cryptome, but because it struck me it is an example of how difficult it is to monitor the modern SIGINT intelligence service. Of course, even if you went back to Alan Turing and Bletchley Park you would find programming and maths problems that few but specialists could have grasped. It is question of scale. GCHQ has expanded massively in the last ten years as has its data capture capability and what we now have is part of a huge intelligence-industrial complex that spans not only the Five Eyes countries but also the 35 partner countries. There is a huge array of highly technical programmes and developments underway – all with implications for the way we live. There are huge vested financial interests in the development of surveillance technologies and this in itself needs independent scrutiny. There is growing evidence that aside from passive data collection intelligence agencies have powerful interventionist capabilities. Even more worrying is the engagement with behavioural intervention, encouraging people through covert programmes to change their behaviour.

It is fortunate that Boing Boing website, which originally released the document, have given a reasonable account of what it means.

Nonetheless the document demonstrates the problem of comprehension for external oversight. After monitoring intelligence for four decades I would suggest history teaches us that the intelligence community almost always exceeds its powers where the official oversight is weak - and it always is. Home Secretary Theresa May’s admissions in October 2014 indicate that GCHQ bulk collection was most likely illegal but Government supported. So where does that leave accountability and oversight? The most consistent and effective oversight mechanism has been the media. But the economic forces at play in the news media mean there are now only a handful of national security reporters. I doubt if any have struggled to make sense of HIMR Data Mining Research Problem Book or its implications. The BBC’s national security reporting which should be exemplary is instead notably for its lack of critical analysis of the intelligence community.

So what about the official intelligence oversight? The dominant body is Parliament’s Intelligence and Security Committee. In the ISC report of February 2013 – thus pre Snowden - which, in effect, supported the government’s position that a Communications Data Bill - “the Snooper’s Charter” - was needed, there was no mention of mass collection of data, nor had there been in the ICC’s report of 2011. It was Snowden’s leaks which revealed that GCHQ was engaged in mass data collection. So did ISC deliberately not refer to bulk collection or did they not know it was happening? It is a fool or knaves question that needs to be answered. The revised Snooper’s Charter Mark Two – the Investigatory Powers Bill (IPB) – again allows for invasive of privacy rights with some amendments. The current arrangements for intelligence accountability have many critics, including the UK Parliament’s Home Affairs Committee, who published a report in May 2014 critical of the current system. ‘We do not believe the current system of oversight is effective,’ the report said. ‘The scrutiny of the work of the security and intelligence agencies should not be the exclusive preserve of the Intelligence and Security Committee.’ Gill echoes this when he observed: “But we have learnt of highly controversial policies such as rendition and torture and mass communication surveillance not from these formal institutional mechanisms of oversight in the UK; rather they have come as a result of whistle-blowers, legal action and investigative journalists” (2013, 3).

Official oversight in the UK, he stated, is insufficient: First, because of the inadequate legal basis for the authorisation and control of UK intelligence agencies and, second, institutions of oversight are overly-concerned with the legalities of intelligence practices compared with broader issues of ethics and public education. Effective oversight will always depend partly on an informal network of researchers, journalists and lawyers in civil society but a mature democracy must develop an oversight system with adequate powers and full-time research staff (2013, 4).

ISC investigatory capabilities have been poor. In fairness, I am told that ISC is developing its capability to monitor programming and mathematical side of its charge’s work. God knows what MPs would make of any of this without help. The feeble efforts of the Joint Committee on the Draft Investigatory Powers Bill have been embarrassing when not plain partisan.
At the moment the little accountability there is, is brought be a range of individuals at Intercept, Boing Boing and specialists like Duncan Campbell. It is not joined up. There is clearly a need for an independent grouping that can organise and sustain the expertise to analyse material like the Snowden documents to bring effective accountability to the UK’s burgeoning government, private and academic intelligence community. This in its turn would be the first step to multinational approach to monitoring the Five Eyes and their partners.

Seminar 5 Position Statement: Dr Steve Wright

Proliferation Of Surveillance Capacity

Steve Wright

Applied Ethics, Leeds Beckett University

Surveillance capacity has grown out of all recognition since surveillance scholars first identified it as an issue for academic interest in the early 1980s. Accelerating proliferation of surveillance capacity has transformed our city-scapes and the level of political and privacy intrusion that the authorities now bring to social and economic governance.
Following early work on NSA bulk surveillance via Echelon and more recent revelations by Edward Snowden on the facility of that capacity to grab internet traffic, take over ICT and camera facilities remotely and map who is in touch with whom, the headlines have focussed on scale and privacy and the lack of accountability in the operating states. The paradigm shift has been the realization that most of us now carry around a portable geo-location tracking device, but that capacity can cut both ways.
Previous meetings have examined sousveillance – the proliferation of quite powerful surveillance capacities into the hands of citizens and NGOs. Such cameras and even satellite access have enabled  powerful counter checking of official stories especially during demonstrations, riots and even counter-insurgency scorched earth initiatives by NGOs such as WITNESS.
What is less studied is the transfer of such surveillance capacity to those who violate human rights on a grand scale. Such proliferation is promoted commercially by business deals and exhibitions which treat all surveillance technologies as a social good. I will explore how seemingly innocuous facilities such as traffic monitoring and counter speeding vehicle recognition has been used to service politically repressive agendas. I will also look at the trends and practices of a select group of surveillance equipment manufacturers who knowingly transfer surveillance capacity to governments whom they know will turn it on peace activists, trade unionists, journalists and human right defenders. I will conclude by looking at the work of some NGOs which are challenging such practices and the need to strengthen such work over concerns which now have global relevance.

Seminar 5 Position Statement: Dr Andrew McStay

Creative Studies & Media, Bangor University

The surprising absence of intimacy in European Data Privacy Regulations

My interest is the growth in emotional analytics by means of biometric data collection. I have primarily been looking at the commercial application of these in personal devices and public environments - for instance, the growth of advertising billboards that read the faces of viewers for indications of their emotional reactions. I have conducted a 2000 person UK-based survey that demonstrates that people are not happy about such developments. From interviewing industry leaders, privacy NGOs, data regulators in Brussels and media law firms, I am finding a rather alarming picture because current use of emotional analytics is legal in public spaces on the basis that people are not personally identified and that no code is generated about them. (It took a lot of advice to confirm this fact). As it stands, we have no current or forthcoming EU legislation that offers citizen protection from these activities. Closer to the core interests of DATAPSST, there are implications for understanding state surveillance, particularly in regard to cities and publics (e.g. the construction of urban emotional heat maps). I am just getting started on this but have insights from a variety of US and European technologists, and NGOs such as Privacy International, Open Rights Group, Electronic Frontier Foundation and International Association of Privacy Professionals.

Seminar 5 Position Statement: Dr.Matthew Fluck

The transformative potential of transparency

Dr Matthew Fluck

Department of Politics and International Relations, University of Westminster

International politics appears to be defined by its opacity – by mutual uncertainty between states and the absence of mechanisms for democratic scrutiny. This seems to point to the transformative potential of transparency. Ever since the ‘Perpetual Peace’ essays of Kant and Bentham, scholars and practitioners have looked to transparency as means of creating a fairer and more peaceful world politics.[i] With the technical ability to share information on an unprecedented scale, it now seems that such hopes might become a reality. A plethora of international organisations, governments, and NGOs appear to be working towards this goal.
This suggests the importance of two related questions. First, given the range of actors pursuing it, should we think of ‘transparency’ as a single concept? Second, to what extent can it actually live up to its transformative promise?

What is transparency?

Regarding the first question, it is possible to identify at least three conceptions of transparency implicit in the work of scholars, practitioners, and activists. In the first, ‘transparency-as-disclosure’, the public gains access to information held by institutions whilst keeping its rights to privacy and secrecy. Its power relative to these institutions thereby increases.[ii] In a second, related conception –   ‘transparency-as-information’ – information is shared between formally equal actors, facilitating the efficient or stable operation of the system in which they interact. This conception is apparent in rationalist accounts of the states system or economics.[iii]  These first two conceptions are unified by a common assumption that knowledge can be understood in terms of the transmission of information. A third conception – transparency-as-publicity – involves a different epistemology and understanding of political interaction. In this case, transparency involves participants’ mutual openness about reasons and motivations in a continual process of rational communication.[iv] Whilst it is much less intuitive than the other two conceptions, this understanding is implicit in some cases of activism, for which the goal is less access to data and more the creation of a more responsive and open form of politics.

Can transparency live up to its transformative promise?

Regarding the second question, there is reason for caution once transparency is viewed in historical context. Transparency was once what, following Theodor Adorno, we might term an ‘emphatic concept’ – it was not simply descriptive, but reflects the desire for a revolutionary political change. In Bentham’s day, the ideal of transparency confronted a form of politics – including international politics – grounded in personalised power. Most individuals were simply not considered worthy of knowledge concerning ‘matters of state’. The pursuit of transparency was therefore the pursuit of revolutionary change.
The persistent secrecy of international politics tends to distract from the fact that it generally now occurs on a fundamentally different basis – between bureaucratic states and institutions relying on the creation and circulation of vast amounts of data. In theory, within states, all citizens are potentially recipients of this information. In some spheres of activity – e.g. that of consumers in the free market – universal access appears desirable. Even top secret data is accessed by thousands of individuals with the appropriate qualifications and clearance. In a context where channelling data to the right quarters is vital to sub-systems of governance, it is less clear that transparency – at least understood as information or disclosure – can fulfil the role of emphatic concept. Rather than pointing to a new politics, it might reflect acceptance of our pre-designated roles as items and recipients of data. This is apparent in the international sphere, where transparency offers easy consolation in the absence of more substantive forms of empowerment.
Of course, transparency is useful in dealing with specific problems involving corruption or oppression. However, in the forms in which it is generally understood – transparency-as-disclosure and transparency-as-information – its pursuit is unlikely to generate the responsive, peaceful international politics with which it is often associated. The best hope of reviving a more radical conception might lie in identifying those dimensions of current calls which still play an emphatic role. It is here that the concept of transparency-as-publicity identified above might be useful. This understanding suggests that transparency does not simply involve access to data but, more importantly, forms of political interaction which have yet to be achieved.

[i] Bentham, J (1838-1843) ‘A Plan for an Universal and Perpetual Peace’. In: Bowring J (ed) The Works of Jeremy Bentham Volume 2. Edinburgh: William Tait, 546-556; Kant, I (1970a) ‘Perpetual Peace: A Philosophical Sketch’. In: Reiss, H (ed) Kant’s Political Writings. Cambridge: Cambridge University Press. 93-130.
[ii] Buchanan, A and Keohane, RO (2006) ‘The Legitimacy of Global Governance Institutions’. Ethics & International Affairs, 20(4): 405-37.
[iii] Fearon, JD (1995) ‘Rationalist Explanations for War’. International Organization, 49(3): 379-414; International   Monetary   Fund (2012)   “Fiscal   Transparency,  Accountability,   and   Risk.”
[iv] Linklater, A (1998) The Transformation of Political Community. Cambridge: Polity.

Seminar 5 Position Statement: Dr.Yuwei Lin

National and regional differences in responding to privacy and surveillance issues in a post-Snowden era

Yuwei Lin

University for the Creative Arts

After the Snowden revelations in 2013, the Freedom House and others highlighted the issue of 'surveillance' in the Joint Statement of Civil Society Delegates to the 2013 Internet Governance Forum. They called for an end to illicit online surveillance by any government. “To be legitimate and lawful, any surveillance must be limited, targeted, used to deter or investigate criminalized activity, and subject to independent judicial oversight.” They also emphasised transparency and accountability: “Governments likewise should ensure that their policies and practices are fully transparent as a means of preserving their legitimacy, credibility, and moral authority with their own citizens and the international community” (Freedom House 2013).

Despite the existence of the Internet Governance Forum (a multistakeholder platform that enables the discussion of public policy issues pertaining to the Internet), the IGF offers no negotiated outcomes and hence there is no global regulatory frameworks for regulating global information flows. As such, the discussion about human rights, freedom of expression, privacy, and free flow of information on the Internet has limited influence on global policies and fails to resonate in many less developed countries outside Europe and the USA. China, for one, has remained untouched at such kind of global forums. There is a need to develop more agile strategies to tackle local perceptions and concerns about human rights online. The first step would be to understand the truly local voices about surveillance in a post Snowden era. 

At this seminar, I wish to learn more about how citizens in the countries outside Europe and the USA view and perceive human rights online after the Snowden revelations. How the Snowden revelations were covered in local newsmedia and what are the audience feedback? What are the regional and national differences in responding? Do Chinese people worry about state-controlled media, content censorship, surveillance, shutting down or deliberate slowing down of networks, and other methods of internet control? It seems that when the Chinese government announced their social surveillance gameSesame Credit” (a game the Chinese government has created to evaluate how good a citizen someone is) as a light handed way of controlling online speeches and content, few Chinese people questioned its role as a thought control tool. They ignored the conspiracy theory all too quickly, perhaps.

The discussion about veillance and surveillance need to be placed in an international context to understand how these local concerns or non-concerns emerge and transpire. We need to learn more about non-Western centric perspective on human rights on the Internet, especially concerning privacy and surveillance. After all, the concepts of privacy and surveillance have different cultural meanings in different regions and countries. As an educator, I am also keen on learning how colleagues initiate such discussion with their international students and what pedagogical approaches colleagues adopt to deepen the discussion in university classrooms.


Seminar 5 Position Statement: Lachlan Urquhart

Transparency of Non-State Actors? The Case of Technology Designers and Privacy by Design

Lachlan Urquhart

Mixed Reality Laboratory & Horizon Digital Economy CDT, University of Nottingham

My position on transparency and non-state actors is framed in the context of European Data Protection (DP) Law. A key component of the upcoming EU DP reform package is the concept of data protection by design and default (DPbD). Designing privacy protections into a technology has long been considered best practice, and soon it will be mandated by law. It requires privacy concerns to be considered as early as possible in the design of a new technology, taking appropriate measures to address concerns. Such an approach recognises the regulatory power of technology which mediates behaviour of a user, and can instantiate regulatory norms. 

Concurrently, regulation, as a concept, has been broadening and moving beyond notions of state centricity and increasingly incorporating actions of non-state actors. I'd argue privacy by design is a context where technology designers, as non-state actors, are now regulators. How they build systems needs to reflect their responsibilities of protecting their users’ rights and personal data, through technical and social safeguards.

However, the nature of their new role is not well defined, leaving open questions on their legitimacy as regulators. They are not normally subject to traditional metrics of good governance like public accountability, responsibility or transparency. Furthermore, the transnational nature of data flows, as we see with cloud computing for example, adds an extra layer of complication. The new DP law will apply to actors outside of EU, e.g. in US, if they are profiling or targeting products and services to EU citizens, meaning  there are national, regional and international dimensions to consider. Overall, the fast pace of technological change, contrasted with the slowness of the law has pushed designers to be involved in regulation, but without appropriate guidance on how to do so. 

This is a practical problem that needs to be addressed. An important component is the role of nation states. State and non-state actors need to complement each other, with the state often ‘steering, not rowing’. The model of less centralised regulation cannot mean dispelling with traditional values of good governance. Instead state regulators need to support and guide non-state actors, on how to act in a regulatory capacity. How can transparency, legitimacy and accountability be reformulated for this new class of ‘regulator': the technology designer. Much work needs to be done to understand how designers need support as regulators, and how the state can respond to this. 

Seminar 5 Position Statement: Grace Eden

What Difference will Regulations Make?

Grace Eden

Institute of Information Systems  University of Applied Sciences of Western Switzerland

In December 2015, the EU agreed the General Data Protection Regulation (GDPR), which is expected to be enforceable by 2018 if passed by all member states this year (Gibbs 2015). New laws that increase data protection are welcome, however as the Snowden disclosures revealed, intelligence agencies use a variety of methods to gain access to personal data. So what effect will regulations have on these practices?  The techniques used by intelligence agencies include tapping physical infrastructures such as fibre-optic cables, through programmes like TEMPORA.  It also includes harvesting data from network infrastructures where metadata and content is collected from major Internet  companies through the MARINA and PRISM programmes. Also, in many cases intelligence  agencies hack into computer systems and networks as revealed in the QUANTUM THEORY  programmes.
Most recently, in a ruling this year, the UK Investigatory Powers Tribunal determined that hacking by GCHQ  (Government Communications Headquarters) does not breach human rights (Bowcott 2016). There are two positions being taken in regards to citizens’ expectations of privacy with one set of rules for intelligence agencies and another for corporations. What can the European Commission and national institutions do to address citizens’ privacy concerns in both areas? How will different understandings of proportionality (Tranberg 2011) impact the average citizens’ rights to data privacy and security? To what extent will new regulations make a difference in both the business and government sectors?
As important as the data protection regulations themselves are – questions of how citizens develop trust that laws are actually being adhered to by corporations and governments remain. How do we ensure accountability? The development of guidelines for operationalizing law and regulation should be discussed alongside the political and legal debates. Citizens should be able to use online tools to evaluate how well web services comply with regulations in all areas including informed consent, right-to-be-forgotten and cross-border transfers of data. They should also have access to informative labelling that communicates information about product quality, in this case digital products. Labels promote consumer literacy giving citizens an opportunity to make informed choices. They should also communicate a ‘disclosure of risk’ if one decides to use a product, and expectations of personal responsibility for risk. These are currently found in the lengthy and often indecipherable Terms & Conditions. Information labelling used in combination with online tools could be an approach for operationalizing the General Data Protection Regulation (GDPR) and other data privacy and protection laws.


Gibbs, S. (2015). EU agrees draft text of pan-European data privacy rules. The Guardian, data-privacy-rules
Bowcott, O. (2016). GCHQ hacking does not breach human rights, security tribunal rules. The  Guardian, breach-human-rights-investigatory-powers-tribunal
Tranberg, C.B. (2011). Proportionality and data protection in the case law of the European Court of Justice.  International Data Privacy Law 1(4). pp. 239-248. doi: 10.1093/idpl/ipr015.

Monday, March 28, 2016

Seminar 5 Position Statement: Prof Pete Gill

Tackling Transparency Beyond the Nation-State

Politics & Intelligence

University of Liverpool

Some issues providing the context for oversight of international intelligence cooperation…

Much of the debate provoked since 2013 by the publication of a trove of NSA/GCHQ documents in major media outlets has taken place within the traditional civil libertarian frame of suspicion and critique of states’ (formally democratic and otherwise) surveillance of citizens and others. The ‘others’ abused by what is variously described (by critics) as ‘mass surveillance’ or (by officials) as ‘bulk collection’ include not just foreigners but also the communication service providers (CSPs) who have been variously hacked, bullied or bribed by governments in their search for data. Major proposals for reform are under consideration in many countries and, unsurprisingly, are centred on the perceived need for laws that not only acknowledge the breadth of contemporary intelligence activities but also are ‘fit for purpose’ in the age of the Internet and social media networks.
Current laws have certainly been exposed as inadequate; in the UK, for example, the Regulation of Investigatory Powers Act 2000 has been criticised as outdated, irrelevant and opaque. As anyone who has tried to understand it will testify, it is certainly the last of these but, significantly, prior to June 2013, there was no clamour from government or the agencies that it was either of the first two. It had rather successfully ‘future-proofed’ the interception of communications (and other covert techniques) against technological innovation by describing powers very generally and ‘judge-proofed’ it by building in authorisation and oversight processes that met ECHR requirements. The Investigatory Powers Tribunal had upheld no complaints against the agencies until recent cases brought on the basis of information released as part of Snowden’s archive exposed faults in GCHQ’s internal practices.
Thinking about reform, we must note that ‘intelligence’ has, to put it mildly, an ambiguous relationship with law. ‘Legalisation’ of intelligence is relatively recent (only in Germany and Netherlands does it go back more than forty years…) and intelligence for security purposes is a central (realist rather than cosmopolitan) tool in the conduct of international relations. There are greater (ECHR article 8-inspired) legal restrictions on the use of intelligence domestically. But agencies such as MI5, MI6 and GCHQ are not the only intelligence actors. First, there are a range of other state agencies – police, border, financial – who develop intelligence. Second there are a range of corporate actors including specific security companies working on contract to governments or other corporations, companies involved in foreign operations where security is a major issue and companies providing the hardware and software products without which neither states not companies can operate.  This gives rise to a crucial interdependence or symbiosis between public and private (described by Anna Leander and Didier Bigo as ‘hybridity’). These companies are not ‘victims’ of the state; they have essentially the same business model: the exploitation of people’s personal information in order to pursue organisational objectives.
Also relevant is the changed perception of risk since 9/11: compared with the Cold War, governments perceive current security risks as much more complex and uncertain and therefore demand as much ‘intelligence’ as possible from the agencies. More or less contemporaneously with this shift has been the digital revolution which, for the first time ever, seems to make it feasible to supply this by ‘collecting everything’. International intelligence collaboration has always existed, especially between allies during war, but has been much increased this century as a result of pressure from the US and the UN to respond to this heightened threat-perception. The most controversial example of collaboration after 9/11 was the use of ‘extraordinary rendition’ (aka kidnapping and torture) at the behest of the US and which involved the active cooperation and/or collusion of many other states including the UK. International intelligence cooperation is essential for security but has a great potential for the abuse of human rights. It cannot be dis-invented; therefore the issue is how it might be better controlled and overseen.
There are two main sources of ideas and experience: national oversight procedures established over the last 30-40 years, mainly in the Americas and Europe but also in parts of Africa and Asia and the legal and political processes by which rendition was exposed. Key to effective national oversight is that those responsible (whether inside or outside the Assembly) have a legal mandate to examine all aspects of intelligence, including international cooperation, have adequate resources in terms of staff expertise and full access to agency people and files, and, crucially, have the political will to deploy them. The main lesson to be drawn from the exposure of rendition is that formal parliamentary, extra-parliamentary or judicial oversight will always require supplementation from civil society organisations and media.
The more specific challenges to the oversight of international intelligence cooperation and some thoughts on how they might be met will be discussed at the seminar.
Pete Gill
15 March 2016