Surveillance by Design
Formal Metadata
| Title |
Surveillance by Design
|
| Title of Series | |
| Number of Parts |
132
|
| Author |
|
| License |
CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license. |
| Identifiers |
|
| Publisher |
|
| Release Date |
2013
|
| Language |
English
|
Content Metadata
| Subject Area | |
| Abstract |
While the collection, storage and analysis of our data becomes ever cheaper and easier, governments around the world are eager to make the surveillance of citizens the default setting. Therefore, it has never been more important to explore countermeasures that would protect our fundamental right to privacy. While the European Union continues to take positive steps to ensuring that public and private bodies protect the privacy of citizens (for example through the Data Protection Regulation), much work remains to be done in addressing issues of due process in how governments use, protect, and request user data. Specifically, government requests for so-called "lawful access" to user data are trending in both democratic and non-democratic nations, presenting one of the greatest challenges for the protection of fundamental rights. This talk will highlight this issue as well as provide a brief overview of the main challenges facing citizens in protecting their privacy, including some recent proposed laws in the EU and the US, that will show that bit by bit, our freedoms are being chipped away. The second half of the talk will focus on the need for domestic and international jurisprudence that protects our fundamental rights, and more broadly what can to be done to counter the surveillance state.
|
00:00
Frequency
Theory of relativity
Different (Kate Ryan album)
Directed set
Mathematical analysis
Quicksort
Window
00:42
Digitizing
Multiplication sign
Virtual machine
Self-organization
Right angle
01:40
Mathematics
Transformation (genetics)
Internetworking
Telecommunication
Open set
Multilateration
Surface of revolution
02:36
Web 2.0
Mathematics
Information
Internetworking
Multiplication sign
Physical law
Information
Mereology
Power (physics)
03:07
Collaborationism
Freeware
Transformation (genetics)
Information systems
Surface
User-generated content
Mereology
Product (business)
Product (business)
Element (mathematics)
Web 2.0
Word
Data mining
Facebook
Internetworking
Resultant
04:02
Mobile Web
Service (economics)
Information
Digitizing
Physical law
Combinational logic
Virtual machine
Cloud computing
Line (geometry)
Information privacy
Electric power transmission
Word
Uniform resource locator
Internetworking
Software
Internet der Dinge
04:53
Email
Facebook
Arithmetic mean
Information
Mobile Web
Computer network
Data storage device
Axiom
Service-oriented architecture
Information privacy
Rule of inference
Point cloud
05:28
Game controller
Service (economics)
Regulator gene
Physical law
Information privacy
Product (business)
06:09
Default (computer science)
Sign (mathematics)
Copyright infringement
Telecommunication
Mereology
Information security
Information security
07:04
Programming paradigm
Shift operator
Data storage device
Summierbarkeit
Mereology
Game theory
Information security
07:38
Point (geometry)
Information
State of matter
Telecommunication
Direction (geometry)
Sound effect
Bit
08:26
Type theory
Email
Pattern recognition
Multiplication sign
Telecommunication
Projective plane
Authorization
Data storage device
Office suite
Surface of revolution
System call
09:51
Default (computer science)
Addition
Shift operator
Information
Multiplication sign
Frequency
Latent heat
Arithmetic mean
Carry (arithmetic)
Term (mathematics)
Data mining
Codec
Extension (kinesiology)
10:52
Information
Software
Civil engineering
Telecommunication
Physical law
Information privacy
Proxy server
11:56
Carry (arithmetic)
Authorization
Database
Denial-of-service attack
Flow separation
12:35
Point (geometry)
Default (computer science)
Service (economics)
Service (economics)
Physical law
Set (mathematics)
Product (business)
Personal digital assistant
Telecommunication
Order (biology)
Speech synthesis
Information security
Default (computer science)
13:09
Facebook
Standard deviation
Inclusion map
Service (economics)
Googol
Telecommunication
Internet service provider
Charge carrier
Musical ensemble
Real-time operating system
Backdoor (computing)
Product (business)
14:13
Point (geometry)
Computer virus
Malware
Data management
Software
Content (media)
Product (business)
Number
14:57
Webcam
Functional (mathematics)
Email
Information
Internettelefonie
Instance (computer science)
Number
Neuroinformatik
Type theory
Malware
Software
Operator (mathematics)
Authorization
Intercept theorem
Information security
16:23
Term (mathematics)
Order (biology)
Summierbarkeit
Information privacy
Information security
17:05
Information
Civil engineering
Physical law
Line (geometry)
Information privacy
System call
Measurement
Process (computing)
Internetworking
Term (mathematics)
Personal digital assistant
Authorization
Intercept theorem
Information security
Traffic reporting
Address space
19:06
Civil engineering
Multiplication sign
Modal logic
Direction (geometry)
Physical law
Authorization
Process (computing)
Information privacy
Information technology consulting
20:26
Standard deviation
RegulƤrer Ausdruck <Textverarbeitung>
Information
Structural load
Civil engineering
Direction (geometry)
System administrator
Physical law
Term (mathematics)
Information privacy
Number
Term (mathematics)
Personal digital assistant
Right angle
Information
21:37
Group action
Service (economics)
Information
Observational study
Open source
Information and communications technology
Multiplication sign
Computer programming
Product (business)
Vector potential
Facebook
Personal digital assistant
Internetworking
Right angle
Informationsgesellschaft
23:40
Mereology
Mereology
24:11
Standard deviation
Standard deviation
Civil engineering
Physical law
Sound effect
Measurement
Rule of inference
Open set
Information technology consulting
Arithmetic mean
Telecommunication
Right angle
Fundamental theorem of algebra
25:18
State of matter
Physical law
Basis <Mathematik>
Drop (liquid)
Regular graph
Information privacy
Twitter
Number
Power (physics)
Telecommunication
Authorization
Normal (geometry)
Traffic reporting
26:02
Axiom of choice
Personal digital assistant
State of matter
State of matter
Videoconferencing
Office suite
Resultant
26:34
Information
Telecommunication
Right angle
Field (computer science)
Entire function
27:19
Information
Regulator gene
Direction (geometry)
Maxima and minima
27:53
Medical imaging
Frequency
Latent heat
Standard deviation
Theory of relativity
Profil (magazine)
Operator (mathematics)
Maxima and minima
28:43
Email
Game controller
Dependent and independent variables
Integrated development environment
Radio-frequency identification
Term (mathematics)
Encryption
Control flow
Mereology
Information privacy
29:15
Message passing
Email
Internetworking
Telecommunication
Multiplication sign
Information privacy
30:07
Collaborationism
Group action
Structural load
Digitizing
Self-organization
Right angle
Information privacy
30:42
Regulator gene
Computer configuration
Coalition
Cuboid
Representation (politics)
Website
Right angle
Information privacy
00:00
the a home and
00:08
a i but
00:12
if you use which relation also so we speak the period of sort of souls assault a so this a different country itself the big difference is dead and her name is right McDonald's french is going to talk about surveillance by design and if you up the think you applause and I and and so the 1st thing that I'll
00:44
say if you were in this in the discussion before any don't understand German I will say forget everything that person and Alex just told you the on I'm Reagan I'm originally from Canada I work with an organization called access is an international NGO that defense digital rights abuses around the world and I had up the Brussels work so I've been based in Brussels in the heart of the European Union's sausage making machine so today I want to talk to you about surveillance by design and just a note I know it's a little bit late and I am standing between you and your so I will try to be and as brief as
01:30
as possible and and hopefully allow for some some time for discussion and I'm questions and so I will just do a short introduction and then I want to walk you through the foundational
01:40
principles surrounds by design and then conclude with what we need and what we can do to make the situation better so
01:50
it's quite obvious to say that the explosion in electronic communications has
01:55
affected us and continues to affect us in ways that we're still not even yet conscious of but the pace of the change is something that is definitely something to know for example the invention of the mark of modern electronic communications and the telegraph was in 1844 and and the telephone came 3 decades later but the 2nd communications revolution which have in the nineties which is basically the opening of the Internet to commercial traffic the massive laying down a fiber optic cables around the world and the worldwide adoption of mobile phones took place in roughly 10 years it these massive transform transformations basically
02:39
happen overnight so laws are not able to keep up with these changes at which is a big part of why we found ourselves in the situation the and then there was you in 2006 Time magazine made you the person of the year it was the dawn of the age
02:55
of Web 2 . 0 web 2 . 0 was a new way of interacting with the internet is focused on user power and user-centered design and I was about information sharing social networking
03:08
interoperability collaboration and wikis no longer would be individual be a passive consumer but they would also have a part in the production so there buzzwords like the froze Sumer because Web 2 . 0 meant that individuals would be would have both the instead of just being a consumer but when you scratch the surface of on Web 2 . 0 you realize that are
03:35
participatory element is not actually measured through user-generated content for our value introducing but actually through the mining and harvesting of our idea so today in 2013 were undergoing another transformation and taking another step forward we have new buzzword such as big data which is the result of the
04:02
combination of myriad pieces of information which continue to blur the line between what is personal data and what is public data the Internet of Things where more and more devices are becoming connected to the network from your fridge to your alarm clock to your washing machine by 2020 people have estimated that there will be 100 billion Internet-connected devices the this
04:30
emerging digital power grid will be run on cloud computing services this means that the origin of the data being processed and the location in which it is stored might have conflicting laws that govern the protection of that information good when you combine this with the prevalence of mobile technology what this
04:55
means is that every minute of every day we are basically hemorrhaging data this also means that it's much easier for 3rd parties to
05:06
get access to any and all of that information whether it's companies some we might know like the Facebook's and Google's and others that we don't know like a large data brokers such as axiom or government agencies we have been working for the European Commission has proposed last year a proposal to update the privacy rules in
05:31
Europe through a data protection regulations the this law would among several things give individuals much more control over their personal data and encourage accountability and transparency among public and private bodies that control your data
05:49
my personal obsession with with in in the the privacy data protection regulation is privacy by design this is a feature In the proposed that in the proposal and is the concept where the government public and private bodies basically bake privacy into the products and services and policies about personal data this is a
06:14
very welcome step back when you take a step back and look at the big picture and the where communications infrastructure is built you see that there are flaws in the design of our communications ecosystem and then there are 2 main problems with surveillance by the sign not only does excessive surveillance infringe on our rights and undermine our ability to be able to trust the technology that we have come to depend
06:41
on for our day-to-day lives but a communications infrastructure that is built with surveillance as a default in fact undermines our security so that's the introduction and now I want to walk through the 6 foundational principles they are proactive and retroactive policing surveillance as the default
07:05
setting to and security 0 sum game opaque and undemocratic policymaking and no respect for user
07:15
rights although through them and there will be a quiz later from the so the first one the use of more and more intrusive surveillance techniques by
07:25
public bodies has resulted in 2 distinct paradigm shifts in policing proactive and retroactive policing the first one as the collection and storage of data becomes much cheaper and
07:39
much easier law enforcement is increasingly prone to collect 1st and ask questions later the Data Retention Directive is a primary example of this it was passed in 2005 and the European Union came into effect in 2006 and basically mandates that all telecommunications information is stored from between 6 months to 2 years depending on the Member States this blanket retention of all of our communications data threatens the
08:09
backbone of democratic societies by removing the presumption of innocence and treating us as what would be criminal support maybe suspected criminals the 2nd point is that a little bit of data actually says a lot about In the old
08:27
days before the communications revolution law-enforcement could listening to our phone calls or even read are e-mails this often paid a heavy toll on resources for time and money to pay all of these police officers to listen to certain phone calls but with the ubiquity of technology traffic data which is collected under the Data Retention Directive which includes the calls that you make to whom what time and can in fact reveal an awful lot about us our habits and our relationships in many jurisdictions getting access to traffic data is also it also requires much less judicial authorization so is much easier to get at finally behavioral surveillance centralizing surveillance techniques law-enforcement seeks to predict
09:22
criminal behavior projects such as in that in the EU which are under way right now and through combining these surveillance techniques and types of data such as face recognition technology traffic data and social networking data + CCTV cameras and even the camera drones we're all increasingly classified as 3 criminals in the eyes of law enforcement it's also when collection and storage of data is the
09:53
default this represents another shift because meaning is derived retroactively from this information where before law enforcement would could search for a specific individual or person of interest they would define what's called a schema and apply this to the search terms what happens now is that the schema can be determined after the data has been collected and stored for several years considering various amounts of data that can be collected analyzed and stored for extended periods of time we are increasingly vulnerable to future
10:31
crimes in essence it really begs the question how are we to be sure that what is OK today will not be a great tomorrow and will not be used against us In addition to this there increasing tendency is to minimize the accountability of both law enforcement and private bodies which
10:53
governments use to access and to get to are information kind of like a proxy of the of of government surveillance many suspicions of civil society were actually recently confirmed when the Electronic Privacy
11:10
Information Center are epoch based in DC in discovered that the US Department of Justice has been issuing what's called to 511 letters to AT and T and other large companies that would basically give them legal immunity to carry out surveillance of communications of their networks and that would likely be illegal under US law the yeah ultimately this lack of judicial and ethical oversight over communications surveillance means that that now there is a problem on top of that it is subject to abuse when you actually come down to it who is managing and mining these data centers are actually just humans and
11:56
humans a flood creatures the in there as rt several examples of abuse of these databases In Europe or from the Data Retention Directive some law enforcement authorities maybe want to use it to look up an ex girlfriend or to look up an ex-wife or potentially cheating husbands come and this is also apparently a growing problem in Ireland with the Irish Minister
12:21
recently urged uh the law-enforcement authorities in Ireland to stop using the police database as what he called the social network the 2nd 1 is
12:35
surveillance as the default settings increasingly the products and services that we use every day are modified in order to allow for surveillance which fundamentally weakens the security of the services that we are supposed to depend on the case in point the Communications Assistance for Law Enforcement Act or Collier was a lot of
12:59
acronyms in my speech so I apologize and this is a US domestic law and then I I do actually have some US examples but I only say this
13:09
because the US in many ways is kind of a standard we have a good or bad in this sense um and it has
13:18
the clear has implications for all of us in Canada and the U. since were mostly using US-made products and services and the Collier mandates that all telecommunications carriers and manufacturers of equipment have to modify and designed this equipment facilities and the services to ensure that they have built in surveillance capabilities so basically all of the products are made with backdoors in them was worse his that there have been discussions in the United States about expanding the scope of Collier to a clear to 2 which would actually include large service providers like google a Twitter or Facebook to have them build in real-time wiretapping capabilities and and have them suffer large fines if they do not comply with these wire to wire tapping and requests the so we're halfway through the
14:16
principle number 3 when we were already starting at a point of insecurity by using products that are but with back doors this makes this much more vulnerable to attacks such as malicious software and other surveillance techniques that are easily set loose on us often by our own governments the 1st example of this is deep packet inspection or DPI deep packet inspection is a
14:43
filtering technique that examines the contents of data packages that are transmitted across the network and this is a tool commonly used for traffic management so to clean up viruses and spam etc. but
14:57
it can also be tweaked as a tool to spy and surveillance citizens in this for instance was 1 of the pillars of and the Tunisian and then alleys regime which they use to you to spy on citizens but also to even a modified e-mails another toy frequently used by dictatorships and democracies alike is malicious software or malware these types of software can be used uh for a number of things to disrupt computer operations gather sensitive information or just gain full access to an end user's computer In 2011 and the Chaos Computer Club in Germany has actually has an alleged that the German law enforcement authorities were actually deploying Trojans on their population the so called industry Jana from thing a about that from has and this is government design software and that is made to intercept voice over IP so on Skype for example and but the software's functionality extends far beyond that includes even by keystroke logging and having access to to web cams much of the
16:14
discourse around surveillance lies or national security or terrorism etc. is
16:23
often mistakenly framed in terms of privacy versus security this concept that we have to lose 1 in order to gain the other and this is highly flawed approach create a kind of lose-lose situation for us for citizens where were actually left in the end with neither privacy nor security and the ultimate sum is 0 a perfect example of this this is a canadian
16:54
everyone said that Canadians are nice but that 1 is not true the how could that dictates he the Public Safety Minister in Canada and the
17:06
justification for intrusive surveillance laws often kind of blurred these lines between them and terrorism national security whether it's fighting paedophiles serious crime or just crime and the problem and propose solution and the scope of the measures are very are are left unanswered and in Canada there was a so-called lawful interception bill that has been proposed in the government since 2009 call Bill SE 30 or about protecting children from Internet predators act a very controversial bill in Canada this would have basically given Canadian law enforcement authorities and warrantless access to what the user information including IP address search history I everything and the bill was luckily struck down from because there were huge protests from citizens and you know not only because the government was calling the warrantless surveillance lawful access which is a big problem and but also because it came with an accompanying report which revealed that the scope of the bill would have went far beyond paedophiles and would have included terrorism national security and even a vague term called low-level violence I have no idea what that means in canadian speak through it could be anything so this is fine is that with the
18:34
zero-sum approach where privacy and security are pinned 1 again against 1 another this is what it allows a lot of questions to go unanswered and this is particularly the case for civil liberties issues many laws are therefore able to kind of flip through the democratic process with very little public discourse and and care for the actual impacts of such surrounds measures the again I say will see 30 in Canada it never once sought
19:07
consultation from the federal nor any of the the provincial data protection authorities not to mention any academics were
19:15
anyone from civil society these laws are often propose during times of crisis or immediately after some terrible tragedy and which means that the potential collateral
19:30
damage is often ignored some of the most intrusive surveillance bills have passed in this way we all know about following and 911 in the US was the patriot act but also in Europe and the Data Retention Directive and which basically followed very closely after the London and Madrid bombings in 2004 now I have been working in Brussels for the past few years and focusing on vessels policy and the Data Retention Directive passed from 2005 to 2006 which to me is 1 of the fastest directives that has ever made it through that complex bureaucratic system and what's worse to this day the European Commission has still not been able to provide any real evidence to show the necessity or proportionality of data retention so when the debate for lack
20:28
thereof is framed in these terms laws enabling greater surveillance paths such as the Data Retention Directive there are however a number of basic human rights and civil liberties that are infringed or which among other things actually greatly reduces the ability of citizens to 1 be aware of the surveillance laws and to to uh and challenge them these laws are rarely given back once the rights are taken away they're very seldomly given back to us so here a number of some of the civil liberties implications 1 of the example is the right to access information a very dangerous standard for upsetting
21:19
standard was recently set in the United States by the supreme court of justice in a case called copper versus amnesty basically in the US Under the Bush administration and the National Security Agency and was 1 of the wire tapping its own citizens Amnesty
21:39
International had strong suspicions for a long time and perhaps rightfully so that they might have been kind of wrapped up into this warrantless surveillance they were worrying and that they have they might have been implicated so by asking for more information the supreme court actually finally ruled in this case that the international human rights group actually had no standing to challenge the program to challenge the NSA basically because they couldn't actually prove that they were being attacked for availed by a secretive and illegal wiretapping program this is exactly the kind of example that I mean when I say that surveillance by designing pulls at the fabric of our societies because it undermines in undermines the trust that we have not only in the services in the products that we use but in our own democracies more and more were dependent on these communication technologies and it's almost like what were getting accustomed to the surveillance was were getting accustomed to not trust the services that we use for example a recent study showed that 71 per cent of Facebook users which now has 1 . 1 billion active users self-censor themselves on the social network because they have basically no idea what how much and who has access to their personal information is this acceptable so
23:13
absolutely not the Internet is 1 of the most fantastic tools that can give us so much potential for liberation but it has an equal potential to unravel are free and democratic societies what we have to do is make sure that we are creating digital societies where the technology actually works for us and not against us so
23:43
how do we do that I think is the hard part
23:50
we need 4 things basically helping the public discourse research and fact-based
23:57
policy making transparency and more targeted and accountable solutions for law enforcement the so the first one public public discourse the backbone of any
24:12
sound policy-making rests upon open consultation with all relevant stakeholders it
24:20
also depends upon credible research proving facts and of course well-defined problems and solutions these measures that would or could warrant and communications surveillance must focus 1st on the actual effect to see whether or not this measure or this law would actually work or be of real benefit to law enforcement before we even get into the civil rights issues and there's always international standards and national laws international covenant on civil and political rights Universal Declaration of Human Rights and in Europe the Charter of Fundamental Rights just to name a few standards the 2nd means transparency as a basic rule companies and governments must be transparent about requests for user data and surveillance that they are mandated some companies already
25:20
do produce regular transparency reports like Google or Twitter and drop cloths and Microsoft recently started and a few others but this has to become the norm states as well must be transparent about the use and scope of communication surveillance this includes publishing these reports on an annual basis with aggregate numbers of request and how law enforcement authorities are conforming with domestic and international laws
25:55
increasingly privacy is power so if the Government must watch fast then we should watch the
26:03
government to this is already an interesting experiment that's happening
26:09
in some states in the United States through and this experiment they have asked law-enforcement to start wearing lifelogging technologies or tiny cameras both on the person and on the cases which is the weapon of choice for most police officers and the video footage is actually accessible to the public to anyone who wants to see it the results of this kind of 2 ways
26:35
surveillance actually show that benefit that that has benefited the relationship between the police and the citizenry it's kind of like leveling the playing field the 3rd 1 instead of
26:51
putting an entire citizenry under full-scale surveillance other techniques are possible and in fact have shown here the ability to meet the needs of law enforcement without grossly undermining our rights for instance data preservation instead of blanket retention most telecoms actually do end up storing some information for a few months and then deleted In fact in the
27:20
Commission's attempts to justify the Data Retention Directive the examples of when retain data was useful to them they were actually citing mostly information that was would not retained under the Data Retention Directive but retained by telcos for another reason 2nd 1 is data minimization this is also a basic principle that's in uh the Data
27:46
Protection Regulation for companies and bodies and public bodies that collect information they should only collect what is absolutely necessary and
27:55
for very specific purposes this sounds like a very simple concept but currently this is not how uh public and private bodies or functioning the 3rd 1 is to delete data
28:09
just deleted this should be standard operating practice for companies and then
28:15
given the fact of the risk that companies incurred by automatically collecting data for you know the which they don't have much use is actually causes risks for them because the the frequency of high profile data breaches is actually an an increasingly large problem both monetarily and fervor public relations image not to mention for individuals and consumers so what
28:44
can you do until we can fully change the way that electronic surveillance is regulated in the long term there are some practical solutions that you can adopt now the 1st is to be vigilant and take control part of our
29:02
responsibilities as citizens living in a technologically ubiquitous environments is that we have to ensure that we ourselves are aware of the risks and the problems that we have in depending on
29:16
communications 2nd 1 is using privacy-enhancing technologies I don't have time to go into all these but I'm happy to talk after hen I can direct you to and 2 more resources but there are ways to browse the Internet anonymously to use off-the-record messaging and monophone and on on messaging and as well to encryptor e-mails a friend once told me that the Internet is kind of dirty and it's you wanna think about it like wearing a condom you don't wanna go there back on the internet you need to protect yourself from and these are some of the highest this and perhaps should the 2nd
30:06
1 yeah get in ball
30:10
Purdue that don't so dear um was here and I saw keynote and I was about participatory democracy and the importance of of getting involved and speaking out to politicians are even becoming a politician like she did and she kind of summarize it perfectly we need less trolling and more collaboration and I think that's exactly exactly right and
30:36
access my organization and a handful of other uh European digital rights groups have joined a
30:44
coalition and to protect the Data Protection Regulation the 1 of the other things you can do is actually get involved you can and right now during the fight to protect your privacy in the European Union and we set up the site and its citizens . you and today and the next few days we actually have postcards naked postcards that you can send your representative so this is a 2 benefits and 1 you will be helping you to get involved and to protect the fundamental right to privacy and data protection but then also you get disseminated picture to an entity whose which is kind of exciting so this is so this box here and is where you can fill in you have 2 options you can you write your own or there's already 3 written texts and you can just sign and what you do is after we will send it we will balance and into the parliament ourselves so you want filet in and put into that white box and the people that are doing this art myself I will have lots of postcards and there's also some other people there you should the delegates us up and that the freedom and also Kirsten who is speaking before me and planted I think you know
32:07
uh thank you thank you and the history of the 1st questions so no questions really you all of you and this is what will be on stage these you will enjoy the body of work going from that so 1 of the books questions
32:36
all if there are no questions that support various years more it
32:42
might be the
