Data, Drones and Citizens' Privacy, Liberty, and Security in the European Union

Tagungsberichte

Data, Drones and Citizens' Privacy, Liberty, and Security in the European Union

Report on the International Conference “Citizens’ Perspectives on Surveillance, Security and Privacy Controversies, Alternatives and Solutions”. Joint Conference, SurPrise, PRISMS & PACT

Vienna, Austria, November 13–14, 2014

by Georg Huber, Institute for Technology Assessment and Systems Analysis (ITAS), Karlsruhe

The revelations of Edward Snowden marked a watershed in the public discussions concerning privacy and surveillance, putting a subject in the centre of public discourse that was once deemed the domain of privacy advocates, human rights activists, and IT specialists. It was thus not very surprising that Snowden figured in the background of many talks of the joint conference of the EU FP7-funded projects SurPRISE (Surveillance, Privacy and Security), PRISMS (Privacy and Security Mirrors ), and PACT (Public Perception of Security and Privacy ). All dealt with the topics of surveillance, liberty, and security while putting the perspective of European citizens at the centre of their research. It is noteworthy that all of these projects were initiated and named long before Edward Snowden made his revelations to the public.

During the conference a number of topics emerged from the talks and presentations given during the conference. One of them was the continuing threat that unchecked surveillance still poses to privacy and democracy. Another one was the trade-off between liberty and security (a continuing issue in surveillance studies) and if the latter really exists. A third topic worth mentioning (and the explicit focus of the three research projects) was the perception of surveillance technologies by European citizens.

1     The State Encroachment on Privacy and Activism

After the welcome address by Michael Alram(ÖAW) and a short talk by Walter Preissl (ITA/ÖAW) introducing the projects, Julian Kinderlerer (European Group on Ethics in Science and New Technologies, Belgium) gave the first keynote speech of the day. Drawing on his own experiences with intrusive state surveillance during the era of apartheid in South Africa, he expressed his strong concern about the degree of state surveillance, in particular in the UK; for example he mentioned the fact that there are about 200 cameras installed in British school toilets and restrooms. He touched on various issues from ethics to European law before presenting the recommendations of the EGE Group appointed by the European Commission to provide advice to the Commission as well as the European Parliament on issues of surveillance, security technologies, and ethics. One of the noteworthy recommendations presented by the EGE group was to limit the introduction of surveillance technologies to justifiable exceptions, under strict judicial scrutiny and strong legal safeguards. They furthermore argued for privacy by design when developing new technologies, as well as putting the burden of proof on those who employ them, not on those who reject them.

The second keynote presentation of the day was delivered by Ben Hayes from the British civ-il liberty organization Statewatch. He took on an activist’s perspective that, as he argued, was proven right by Snowden’s revelations, which he very much appreciated. He also praised the increasing legal activism against boundless mass surveillance in the US and Europe, the USA Freedom Act which is somewhat reducing the surveillance by the NSA, and the move towards mass encryption by US Service providers. Still, most of the current surveillance practices have not changed, and there is an utter lack of knowledge about the capabilities and practices of the national security agencies (of EU Member States). However, academics and activists should turn their attention and criticism towards these agencies. He also argued that there is a clear need to stop the pre-emptive war on terror and the increasing surveillance state as well as political policing, as the practices of European national security agencies and political policing units are legally questionable and neither proportionate nor about terrorism. According to Hayes the easiest way to get a file is to “pray in the wrong mosque or be politically active” – a status quo that urgently needs to be challenged.

The last keynote speech was given by Peter Hustinx, the (then) European Data Protection Supervisor (EDPS, Belgium). In his talk he focused on the concrete work of the EDPS and on current legal developments, inter alia, the landmark judgement of the European Court of Justice invalidating the Data Retention Directive, the new “right to be forgotten” (created by the European Court of Justice) or the impending Data Protection Regulation. He stressed the importance of these developments in general and the importance of the incorporation of the European Union’s Charta of Fundamental Rights into the body of primary law in particular.

2     Different Perceptions of Surveillance

The next session summarised the key findings of the three projects SurPRISE, PRISMS, and PACT. It was chaired by Nina Tranø (One Voice AS, Norway), the results were presented by J. Peter Burgess (Peace Research Institute Oslo (PRIO), Norway, PACT), Michael Friedewald (Fraunhofer ISI, Germany, PRISMS), and Johann Čas (ITA/ÖAW, Austria, SurPRISE). All three projects pursued pan-European empirical research asking European citizens about their attitudes towards surveillance and security, in the form of pan-European surveys (PACT and PRISMS) or citizens’ summits and meetings (SurPRISE). What emerged is that the perception and acceptance of surveillance technologies is highly context-dependent and cannot be described in a simple “security vs. liberty” trade-off. The findings of SurPRISE suggest that surveillance technologies are acceptable to citizens if they are employed using clear criteria such as a proper regulatory framework or the minimum amount of sensitive data. The perception of which security technologies and practices are acceptable to the populace and which are not varies widely. CCTV[1], for example, has a different degree of acceptance depending on the age bracket of the respondents, in contrast to the surveillance of the Internet which is much less accepted, as the PACT project found out. There are also significant differences between the populations of the different member states, as the findings of the PRISMS project reveal. One of the most interesting aspects of the results of the PRISMS was that citizens perceived the concept of “security” in distinctly different ways than policy-makers and associated it first and foremost with ideas such as job security or access to health care and not just with classical policing and military security.

3     Integrating Citizens’ Perspectives

A further event was a round table on “The challenge of integrating citizens’ perspectives into security policies”, chaired by J. Peter Burgess (PRIO, Norway) and Bruno Baeriswyl (Data Protection Commissioner of the Canton of Zurich, Switzerland), Andreas Krisch (European Digital Rights, Belgium), Gideon Skinner (Ipsos Mori, UK), Vida Beresneviciute (European Union Agency for Fundamental Rights, Austria), and Wainer Lusoli (European Commission – DG Research and Innovation, Belgium) as participants. Issues such as the role of the industry in raising the standards of IT security, the competence of the general public in evaluating surveillance policies, or the need for effective data protection played an important role here.

4     Processes and Alternatives: How do Decision Support Systems Matter?

In this session moderated by Dermot Ahern (former Minister of Justice and Home Affairs & PACT Stakeholder Advisory Group Chair, Ireland) the first talk was given by Jacob Skøjdt Nielsen (Danish Board of Technology Foundation, Denmark) and Marta Szenay (Medián, Hungary). They presented the participatory methodology and the Decision Support System (DSS) of the SurPRISE project. In their talk they focused on methodological and technical issues of the project’s citizens’ summits and meetings and the said decision support system. The next talk “Moving away from the security-privacy trade-off: the use of the test of proportionality in decision support” by Máté Dániel Szabó (University of Miskolc, Hungary), Bernadette Somody, and Iván Székely (both Eötvös Károly Policy Institute, Hungary) was a very interesting attempt to transfer the legal proportionality test as applied by the European Courts[2] to the practical question whether to apply surveillance technology or not (as exemplified by the case of a flower shop owner suffering from theft issues and wanting to employ CCTV to stop it). In the last talk of this session, Dimitris Kyriazanos, Olga Segou, Anastassios Bravakis, and Stelios C.

A. Thomopoulos (all National Centre for Scienticifc Research “Demokritos”, Greece) presented the Decision Support Tool of the PACT project which aims to help decision makers determine whether or not to employ surveillance technologies. The most notable presentation of Session 4 (“Integrating citizens’ perspectives in decision making”) was given by Matthias Leese and Peter Bescherer (both University of Tübingen, Germany) in which they introduced the VERSS project. This project looked at the distribution and production of security in urban spaces through bottom-up securitization by different forms of civic engagements, comparing two rather different German cities (Stuttgart and Wuppertal).

5     Framing Privacy and Security: The Rise of New Controversies?

Georg Markus Kainz and Christian Jeitler (both quintessenz, Austria) focused on the dangers of boundless surveillance for a democratic society and on the shift in the quality of surveillance – from old analogue wiretapping to the ubiquitous digital surveillance of the Internet age – which threatens to undermine the very notions of privacy and thus of democracy. The next speakers in this session were Lilian Mitrou, Prokopios Drogkaris, and George Leventakis (Center for Security Studies – KEMEA, Greece). They talked about the legal and social aspects of surveillance technologies or, to be more precise, on CCTV in Greece. Their description of the legal battles about the use and abuse of CCTV in the public domain in Greece was certainly an interesting case study in function creep, indicating that the usage of a technology, once introduced, is quite frequently extended beyond the initial purpose, a phenomenon that often comes along with the introduction of surveillance technologies. Their talk also included some fascinating glimpses into the different national attitudes concerning surveillance (the Greek population seems to be largely unconcerned about surveillance by private actors). The session took a decidedly technical turn when Florian Idelberger (European University Institute, Italy) gave a presentation on the aspect of “Code as Law”, focusing on decentralised, peer-to-peer, and encrypted software systems from the past (Skype once was a peer-to-peer technology), the present (for example bitcoin), and emerging technologies which create a “crypto-social contract”, thus creating a new form of law through code.

6     Security Technologies Under Scrutiny

The presentation by Francesca Menichelli (Vrije Universiteit Brussels, Belgium) gave insights into the attitudes of travellers and security personnel at an unspecified airport and their personal strategies for dealing with the need for increased surveillance and security measures. This revealed a certain paradox as there is an almost universal acceptance of increased security measures while no one believes in absolute security. Luisa Marin (University of Twente, The Netherlands) gave a presentation on the employment of drones in the context of the European Border Surveillance System Eurosur employed by Frontex. In her very comprehensive talk she covered many aspects of drone use from the theory that explains the implementation of these kinds of technologies to the legal background of their application in border surveillance. Dimitris Tsapogas (University of Vienna, Austria) dealt with digital citizenship after Snowden and the degree of concern that people in Greece with different politic attitudes (ranging from the far left to the far right) and walks of life have towards the issue of surveillance. Again, this revealed a very interesting variety of attitudes, depending on political stance, knowledge, and profession. For example, participants belonging to the far left were most concerned about their online privacy while those respondents regarding themselves as centrist were the least worried. IT Specialists were most concerned about their privacy and at the same time optimistic about their capability to fend off attacks on it; the interviewed legal experts were less concerned.

7     Perspectives and Challenges

The conference provided the rare opportunity to engage with the issues of surveillance from a genuinely European point of view. One of the advantages was the diversity of disciplinary perspectives ranging from law to almost all social sciences. It was also an appropriate occasion for practitioners, academics, and activists interested in the issue of surveillance in the EU to meet and engage in dialogue.

Some findings and opinions tended to come up in a number of talks and seem to form an emerging consensus among the conference participants. One of these was the great variety of opinions concerning surveillance technologies and their employment in the different EU member states and also between the different strata of the public in the EU. Also the acceptance of the various surveillance technologies differs greatly depending on both the technology itself and the context. These findings might pose a challenge to policy makers aiming at the implementation of acceptable surveillance technologies in the European context. Reflecting on the discussions during the conference, there seems to be a need to scrutinize the current practices of almost unlimited data gathering and replace them with a regime of surveillance that is much more restricted than the current one (or rather the current ones) and to specify and bind surveillance to fundamental rights, the rule of law (e.g. much stricter oversight by courts), and democratically elected institutions. This of course presents a great challenge to law makers and politicians, but also to the European public as a whole.

Notes

[1] Close Circuit Television – a common technical term for video surveillance.

[2]The legal test is applied by the European Court of Justice (as well as the General Court and the Civil Service Tribunal) to find out whether a given measure is defensible under the Principle of Proportionality, i.e., if it pursues a legitimate aim, if it is suitable for reaching this aim, if it is necessary for achieving it, and whether the burden imposed on the individual for achieving the aim is not thus excessive (proportionality in sensu stricto).