Privacy protection online I
Surveillance
MVV1368K Privacy and Personal Data
František Kasl

Structure of the seminar
• 1) Essays
  – Basic info + readings
• 2) Topics
  – Surveillance then and now
  – Chilling effect
  – New surveillance
• 3) Slides
  – Title
  – Question
  – Discussion - Information

Essays - Topics
• Essay Deadline: 31 October, 8:00 AM
• approx. 10 500 - 16 000 characters long (+ footnotes) = 5-8 pages
• For further essay requirements see interactive syllabus
• Presentation day (only students with Presentation No. 1): 1 November
  – Surveillance then and now: Development of the issue of state surveillance in the privacy context
  – Chilling effect: How lack of privacy affects the political freedom and social dissent
  – New surveillance: From pursuit of national security to erosion of privacy for commercial purposes

Obligatory readings
• These readings are the prerequisite for the understanding of the concept of surveillance and its historical development.
  – CLARKE, Roger. Introduction to Dataveillance and Information Privacy, and Definitions of Terms, 1997. Available at: http://www.rogerclarke.com/DV/Intro.html
  – MARX, Gary T. What’s new about the “new surveillance”?: Classifying for change and continuity, Knowledge, Technology & Policy. 2004, Vol. 17, No. 1, pp. 18–37. Available (through university computers) at: https://link.springer.com/article/10.1007%2FBF02687074

Voluntary readings
• These readings provide additional insight into the challenges related to the conflict of surveillance and privacy.
  – STUART, Avelie; Mark Levine. Beyond ‘nothing to hide’: When identity is key to privacy threat under surveillance. European Journal of Social Psychology. 2017, Vol. 47, 694-707. Available (through university computers) at: https://onlinelibrary.wiley.com/doi/abs/10.1002/ejsp.2270
  – MILAJ, Jonida. Privacy, surveillance, and the proportionality principle: The need for a method of assessing privacy implications of technologies used for surveillance, International Review of Law, Computers & Technology, 2016, Vol. 30, No. 3, pp. 115-130. Available (through university computers) at: https://www.tandfonline.com/doi/abs/10.1080/13600869.2015.1076993
  – POSNER, Richard A. Privacy, Surveillance, and Law, The University of Chicago Law Review. 2008, Vol. 75, No. 1, pp. 245-260. Available (through university computers) at: https://www.jstor.org/stable/20141907?seq=1#page_scan_tab_contents
  – PENNEY, J. W. Chilling Effects: Online Surveillance and Wikipedia Use. Berkeley Technology Law Journal. 2016, Vol. 31, No. 1. Available (through university computers) at: https://heinonline.org/HOL/LandingPage?handle=hein.journals/berktech31&div=6&id=&page=
  – ZUBOFF, Shoshana. Big other: surveillance capitalism and the prospects of an information civilization. Journal of Information Technology. 2015, Vol. 30, No. 1, pp. 75-89. Available (through university computers) at: https://link.springer.com/article/10.1057/jit.2015.5

Additional readings
• These readings provide broader context and up-to-date examples of situations where privacy is being challenged by surveillance.
  – BUNIN, G. ‘We’re a people destroyed’: why Uighur Muslims across China are living in fear. The Guardian. 7. 8. 2018. Available at: https://www.theguardian.com/news/2018/aug/07/why-uighur-muslims-across-china-are-living-in-fear
  – SCHNEIER, Bruce. It's Not Just Facebook. Thousands of Companies are Spying on You. CNN. 2018. Available at: https://www.schneier.com/essays/archives/2018/03/its_not_just_faceboo.html
  – SCHNEIER, Bruce. Security vs. Surveillance. Don't Panic: Making Progress on the 'Going Dark' Debate. 2016. Available at: https://www.schneier.com/essays/archives/2016/02/security_vs_surveill.html
  – SCHNEIER, Bruce. The Era Of Automatic Facial Recognition And Surveillance Is Here. Forbes. 2015. Available at: https://www.schneier.com/essays/archives/2015/09/sep_29_2015_0930_am_.html
  – CLARKE, Roger. Risks Inherent in the Digital Surveillance Economy: A Research Agenda. 2017. Available at: http://www.rogerclarke.com/EC/DSE.html
  – CLARKE, Roger. Data Retention as Mass Surveillance: The Need for an Evaluative Framework. International Data Privacy Law, 2015, Vol. 5, No. 2, pp. 121-132. Also available at: http://www.rogerclarke.com/DV/DRPS.html
  – CLARKE, Roger; Marcus WIGAN. You Are Where You've Been: The Privacy Implications of Location and Tracking Technologies. Journal of Location Based Services, 2011, Vol. 5, No. 3-4, pp. 138-155. Also available at: http://www.rogerclarke.com/DV/YAWYB-CWP.html
  – CLARKE, Roger. From Dataveillance to Ueberveillance. 2013. Available at: http://www.rogerclarke.com/DV/DV13.html
  – SOLOVE, Daniel J.; Paul. M. SCHWARTZ. Privacy, Law Enforcement and National Security. 2014, Wolters Kluwer Law & Business, 978-1454861539, 233 p.
  – SCHNEIER, Bruce. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. 2016, W. W. Norton & Company, 978-0393352177, 448 p.

Surveillance then and now

Quick recap: Privacy and why does it matter?
• control over self-determination
  – freedom to choose one's future
  – "freedom to make mistakes"
  – expression and development of unique personality + social profile
  – control over one's outside image
  – self-esteem/self-representation
• personal data = data about an individual
• private sphere = intimate / vulnerable / "true self"
• types of privacy
  – spatial x social x intellectual x informational
• levels of privacy - solitude x intimacy x anonymity x reserve
• => surveillance = attempts to profile for outside control = public – excessive behaviour / private – customer behaviour
• data profile + data processing
  – control over profile => categorization => prediction ("pre-crime" / "minitrue" / "what is not on the menu?")
  – control over individual - capacity for discrimination / normalization / manipulation

Surveillance
What does it mean?
• "close observation, especially of a suspected person"
  – Concise Oxford Dictionary
X
• "systematic investigation or monitoring of the actions or communications of one or more persons"
  – Roger Clarke, 1997
X
• "the use of technical means to extract or create personal data"
  – New Surveillance – G.T.Marx 2004

Technology and surveillance
New tools = less privacy?
• surveillance = ever present part of social organisation
  – need for information / control
• changes in form and content
  – tax surveillance
  – religious surveillance
  – political surveillance
  – policed society surveillance
  – work/market/medical surveillance
• self-surveillance X outside surveillance
• direct X indirect surveillance
• New tools and techniques => new countermeasures = constant struggle
  – observation X closed door / eavesdropping X coded language / wiretapping X encryption

Big data and surveillance
How did modern ICT change surveillance?
• electronic communication = exponential increase in data = new information potential
• Dataveillance
  – "systematic use of personal data systems in the investigation or monitoring of the actions or communications of one or more persons"
    • Roger Clarke, 1997
  – significantly less expensive - can be automated => mass scale surveillance
  – wide range of techniques
    • Front-End Verification (transactions)
    • Computer Matching (big data combination)
    • Profiling (categorisation)
• => Data Trail = person's informational tracks in cyberspace

Chilling effect

National security and state interests in surveillance
For the greater good – justification of state surveillance?
• surveillance in public interest
  – airport security / public places / counter-terrorism / data retention / public health / social unrest
• surveillance = tool
  – morality depends on the one who wields it
    • NSA PRISM (counterterrorism surveillance program)
    • China - Xinjiang region – Uighur minority normalisation
    X
    • Energy distribution efficiency – Smart grid
    • Environmental monitoring
    • Optimisation of public services
    • Epidemiological disease monitoring

Panopticon
State's watchful eye = good citizens?
• Panopticon prison as "a mill for grinding rogues honest"
  – Jeremy Bentham (1748-1832)
• you never know if someone is not watching
  – mass surveillance
  – omnipresent surveillance in public places
  – monitoring of employees through ICT
  – surveillance through private online activities
• impact on behaviour = chilling effect
  – social conformity = normalisation / preemptive self-regulation / suppression of individuality / no space to revolt

Mass surveillance and data retention
Wider net = better catch?
• targeted surveillance
  – wiretapping / observation
  – criminal procedure
  – court order
  – limited to suspect
• X
• mass surveillance - data retention tools
  – systematic use of personal data systems in the investigation or monitoring of the actions or communications of groups of people.
  – Non-discriminatory retention of data
  – Preventive = not based on suspicion/investigation
  – Full-scope = collect first – sort out later
  – Evidence into the past = continuous process

Data retention vs. Privacy
How to find the balance?
• Data retention = panopticon of public surveillance
  – combating terrorism x Orwellian society
• Surveillance slack = differentiation between potential of the tool and its actual use
  – consideration of practical limits = budget / manpower / focus / priorities...
• legal challenges to data retention through protection of privacy
  – retention by providers + access by criminal investigation units
  – need for proportionality = effective tools + minimal intrusion
  – Data Retention Directive 2006/24/EC – invalidated 2014
    • CJEU 2014 – case Digital Rights Ireland - C-293/12
    • CJEU 2016 – case Tele2 Sverige - C-203/15
• National constitutional courts => modified data retention approach
  – retention within limits justifiable by service provider interests (technical/billing)
  – access limited by court order / supervision + list of criminal offences

Legal framework for surveillance
Public oversight through transparency vs. enforcement efficiency?
• Standard surveillance = e.g. security check at an airport
• X
• Hidden surveillance = secret services/national security agencies X whistleblowers
• European legal framework
  – complex / state specific
  – conflicting interests
• Explanatory example
  – ECHR case of Big Brother Watch v. UK (Applications nos. 58170/13, 62322/14 and 24960/15) - 13 September 2018 (212 pages)

Surveillance in the workplace
Employer's assets vs. Employee's privacy?
• justifiable interest X appropriate means
• Grand Chamber judgment - Bărbulescu v. Romania (application no. 61496/08) - 2017
  – proportionality criteria
    • i) preceding notification about monitoring
    • ii) adequate limitation of scope
    • iii) legitimate interest
    • iv) level of intrusion in private sphere
    • v) capacity to achieve the goal
    • vi) adequate guarantees for employees' interests and rights

New surveillance

Surveillance capitalism
Do you like the likes?
• Freemium business model
  – profit seeking + information asymmetry + unclear value of personal data
• Early internet = encouraged model
  – infant industry protection
  – X current situation changed
  – "puppy" => "beast"
• New challenges
  – omnipresence = big data = profiling
  – informational bubble effect = polarization and fragmentation
  – manipulative power = marketing x fake news x propaganda
  – increasing importance of individuals' virtual identities =>
    • abuse of the tools = hate speech / cybercrime / cyberstalking / identity theft
    • modification of personal perception = self-identification with virtual profile => impact on personality development – habits, opinions, preferences, choices
• New tool of social control
  – China/Tencent – Social credit system => reward system for "good citizens"

Belly of the big data beast
How does the freemium business model generate profit?
• Metadata => profiling => targeted advertisement
• "Half the money I spend on advertising is wasted; the trouble is I don't know which half."
  – John Wanamaker (1838-1922)
• Indirect payment for the services = illusion of "free"
  – Just access to internet? Income inequality x we all "are data"
• Complex system = big data
  – max. revenue from available information
  – Invisible infrastructure = trackers and cookies
  – Algorithmic marketing tools = profiling + real time bidding

The magic that makes it work

Regulation of cookies
How to tame the cookie monster?
• ePrivacy directive = transparency
  – informed consent – opt in (X Czech opt-out)
  – right to refuse
  – cookie policy - data minimisation + privacy by design
• X regulatory gap behind technology
  – new forms of cookies
    • zombie cookies / flash cookies / ever cookies
• Proposal of ePrivacy Regulation

Platforms and illicit content
Private censorship vs. protection from "info-pollution"?
• ISP liability
  – eCommerce directive – notice and action
  – no obligatory general monitoring of content
  – terms and conditions
  – supranational entities - conflicting obligations
    • privacy vs. surveillance (EU vs. US laws)
• terrorist propaganda, hate speech, fake news
  – legal tools X state enforcement in cyberspace
  – technical tools X enforcement through private entities
    • cooperation in criminal matters – access to data
• notice-and-action framework = delegated enforcement
  – adjudication of content through private entity X court remedy available
  – urgent issue = search for least imperfect tool that is effective

Future of surveillance – Smart everything
New tools = less privacy - ver. 2.0?
• internet of things / smart city / ambient intelligence
  – ubiquity – "nowhere to hide"
• new countermeasures = privacy as commodity
  – ambience – "everyday surveillance"
• new social standard = change in the concept of privacy?
  – automated profiling – "you are your data"
    • individualisation of offer (services, goods) and opportunity (actions, decisions, rights)
  – enhanced reality – merger of the real and virtual identity
    • creation of new social gap? freedom on the fringes of society?
• dystopian scenarios (cyberpunk) x solution to everything
  – past as guidance X certain aspects enhanced by new tech reality

Thank you for your attention!
Questions? Ideas? Answers?
Looking forward to your essays!