Surveillance by Design

Video thumbnail (Frame 0) Video thumbnail (Frame 1040) Video thumbnail (Frame 2187) Video thumbnail (Frame 2845) Video thumbnail (Frame 3906) Video thumbnail (Frame 4675) Video thumbnail (Frame 5361) Video thumbnail (Frame 6045) Video thumbnail (Frame 6704) Video thumbnail (Frame 7335) Video thumbnail (Frame 8211) Video thumbnail (Frame 9237) Video thumbnail (Frame 9984) Video thumbnail (Frame 10612) Video thumbnail (Frame 11450) Video thumbnail (Frame 12199) Video thumbnail (Frame 14024) Video thumbnail (Frame 14770) Video thumbnail (Frame 15751) Video thumbnail (Frame 16699) Video thumbnail (Frame 17903) Video thumbnail (Frame 18873) Video thumbnail (Frame 19718) Video thumbnail (Frame 21332) Video thumbnail (Frame 22003) Video thumbnail (Frame 24265) Video thumbnail (Frame 25320) Video thumbnail (Frame 27776) Video thumbnail (Frame 28645) Video thumbnail (Frame 30638) Video thumbnail (Frame 31942) Video thumbnail (Frame 34708) Video thumbnail (Frame 35493) Video thumbnail (Frame 36269) Video thumbnail (Frame 37961) Video thumbnail (Frame 38882) Video thumbnail (Frame 39859) Video thumbnail (Frame 40986) Video thumbnail (Frame 41621) Video thumbnail (Frame 42368) Video thumbnail (Frame 43071) Video thumbnail (Frame 43869) Video thumbnail (Frame 45093) Video thumbnail (Frame 45870) Video thumbnail (Frame 48149) Video thumbnail (Frame 48882)
Video in TIB AV-Portal: Surveillance by Design

Formal Metadata

Surveillance by Design
Title of Series
Number of Parts
CC Attribution - ShareAlike 3.0 Germany:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this license.
Release Date

Content Metadata

Subject Area
While the collection, storage and analysis of our data becomes ever cheaper and easier, governments around the world are eager to make the surveillance of citizens the default setting. Therefore, it has never been more important to explore countermeasures that would protect our fundamental right to privacy. While the European Union continues to take positive steps to ensuring that public and private bodies protect the privacy of citizens (for example through the Data Protection Regulation), much work remains to be done in addressing issues of due process in how governments use, protect, and request user data. Specifically, government requests for so-called "lawful access" to user data are trending in both democratic and non-democratic nations, presenting one of the greatest challenges for the protection of fundamental rights. This talk will highlight this issue as well as provide a brief overview of the main challenges facing citizens in protecting their privacy, including some recent proposed laws in the EU and the US, that will show that bit by bit, our freedoms are being chipped away. The second half of the talk will focus on the need for domestic and international jurisprudence that protects our fundamental rights, and more broadly what can to be done to counter the surveillance state.
Frequency Theory of relativity Different (Kate Ryan album) Directed set Mathematical analysis Quicksort Window
Digitizing Multiplication sign Virtual machine Self-organization Right angle
Mathematics Transformation (genetics) Internetworking Telecommunication Open set Multilateration Surface of revolution
Web 2.0 Mathematics Information Internetworking Multiplication sign Physical law Information Mereology Power (physics)
Collaborationism Freeware Transformation (genetics) Information systems Surface User-generated content Mereology Product (business) Product (business) Element (mathematics) Web 2.0 Word Data mining Facebook Internetworking Resultant
Mobile Web Service (economics) Information Digitizing Physical law Combinational logic Virtual machine Cloud computing Line (geometry) Information privacy Electric power transmission Word Uniform resource locator Internetworking Software Internet der Dinge
Email Facebook Arithmetic mean Information Mobile Web Computer network Data storage device Axiom Service-oriented architecture Information privacy Rule of inference Point cloud
Game controller Service (economics) Regulator gene Physical law Information privacy Product (business)
Default (computer science) Sign (mathematics) Copyright infringement Telecommunication Mereology Information security Information security
Programming paradigm Shift operator Data storage device Summierbarkeit Mereology Game theory Information security
Point (geometry) Information State of matter Telecommunication Direction (geometry) Sound effect Bit
Type theory Email Pattern recognition Multiplication sign Telecommunication Projective plane Authorization Data storage device Office suite Surface of revolution System call
Default (computer science) Addition Shift operator Information Multiplication sign Frequency Latent heat Arithmetic mean Carry (arithmetic) Term (mathematics) Data mining Codec Extension (kinesiology)
Information Software Civil engineering Telecommunication Physical law Information privacy Proxy server
Carry (arithmetic) Authorization Database Denial-of-service attack Flow separation
Point (geometry) Default (computer science) Service (economics) Service (economics) Physical law Set (mathematics) Product (business) Personal digital assistant Telecommunication Order (biology) Speech synthesis Information security Default (computer science)
Facebook Standard deviation Inclusion map Service (economics) Googol Telecommunication Internet service provider Charge carrier Musical ensemble Real-time operating system Backdoor (computing) Product (business)
Point (geometry) Computer virus Malware Data management Software Content (media) Product (business) Number
Webcam Functional (mathematics) Email Information Internettelefonie Instance (computer science) Number Neuroinformatik Type theory Malware Software Operator (mathematics) Authorization Intercept theorem Information security
Term (mathematics) Order (biology) Summierbarkeit Information privacy Information security
Information Civil engineering Physical law Line (geometry) Information privacy System call Measurement Process (computing) Internetworking Term (mathematics) Personal digital assistant Authorization Intercept theorem Information security Traffic reporting Address space
Civil engineering Multiplication sign Modal logic Direction (geometry) Physical law Authorization Process (computing) Information privacy Information technology consulting
Standard deviation Regulärer Ausdruck <Textverarbeitung> Information Structural load Civil engineering Direction (geometry) System administrator Physical law Term (mathematics) Information privacy Number Term (mathematics) Personal digital assistant Right angle Information
Group action Service (economics) Information Observational study Open source Information and communications technology Multiplication sign Computer programming Product (business) Vector potential Facebook Personal digital assistant Internetworking Right angle Informationsgesellschaft
Mereology Mereology
Standard deviation Standard deviation Civil engineering Physical law Sound effect Measurement Rule of inference Open set Information technology consulting Arithmetic mean Telecommunication Right angle Fundamental theorem of algebra
State of matter Physical law Basis <Mathematik> Drop (liquid) Regular graph Information privacy Twitter Number Power (physics) Telecommunication Authorization Normal (geometry) Traffic reporting
Axiom of choice Personal digital assistant State of matter State of matter Videoconferencing Office suite Resultant
Information Telecommunication Right angle Field (computer science) Entire function
Information Regulator gene Direction (geometry) Maxima and minima
Medical imaging Frequency Latent heat Standard deviation Theory of relativity Profil (magazine) Operator (mathematics) Maxima and minima
Email Game controller Dependent and independent variables Integrated development environment Radio-frequency identification Term (mathematics) Encryption Control flow Mereology Information privacy
Message passing Email Internetworking Telecommunication Multiplication sign Information privacy
Collaborationism Group action Structural load Digitizing Self-organization Right angle Information privacy
Regulator gene Computer configuration Coalition Cuboid Representation (politics) Website Right angle Information privacy
the a home and
a i but
if you use which relation also so we speak the period of sort of souls assault a so this a different country itself the big difference is dead and her name is right McDonald's french is going to talk about surveillance by design and if you up the think you applause and I and and so the 1st thing that I'll
say if you were in this in the discussion before any don't understand German I will say forget everything that person and Alex just told you the on I'm Reagan I'm originally from Canada I work with an organization called access is an international NGO that defense digital rights abuses around the world and I had up the Brussels work so I've been based in Brussels in the heart of the European Union's sausage making machine so today I want to talk to you about surveillance by design and just a note I know it's a little bit late and I am standing between you and your so I will try to be and as brief as
as possible and and hopefully allow for some some time for discussion and I'm questions and so I will just do a short introduction and then I want to walk you through the foundational
principles surrounds by design and then conclude with what we need and what we can do to make the situation better so
it's quite obvious to say that the explosion in electronic communications has
affected us and continues to affect us in ways that we're still not even yet conscious of but the pace of the change is something that is definitely something to know for example the invention of the mark of modern electronic communications and the telegraph was in 1844 and and the telephone came 3 decades later but the 2nd communications revolution which have in the nineties which is basically the opening of the Internet to commercial traffic the massive laying down a fiber optic cables around the world and the worldwide adoption of mobile phones took place in roughly 10 years it these massive transform transformations basically
happen overnight so laws are not able to keep up with these changes at which is a big part of why we found ourselves in the situation the and then there was you in 2006 Time magazine made you the person of the year it was the dawn of the age
of Web 2 . 0 web 2 . 0 was a new way of interacting with the internet is focused on user power and user-centered design and I was about information sharing social networking
interoperability collaboration and wikis no longer would be individual be a passive consumer but they would also have a part in the production so there buzzwords like the froze Sumer because Web 2 . 0 meant that individuals would be would have both the instead of just being a consumer but when you scratch the surface of on Web 2 . 0 you realize that are
participatory element is not actually measured through user-generated content for our value introducing but actually through the mining and harvesting of our idea so today in 2013 were undergoing another transformation and taking another step forward we have new buzzword such as big data which is the result of the
combination of myriad pieces of information which continue to blur the line between what is personal data and what is public data the Internet of Things where more and more devices are becoming connected to the network from your fridge to your alarm clock to your washing machine by 2020 people have estimated that there will be 100 billion Internet-connected devices the this
emerging digital power grid will be run on cloud computing services this means that the origin of the data being processed and the location in which it is stored might have conflicting laws that govern the protection of that information good when you combine this with the prevalence of mobile technology what this
means is that every minute of every day we are basically hemorrhaging data this also means that it's much easier for 3rd parties to
get access to any and all of that information whether it's companies some we might know like the Facebook's and Google's and others that we don't know like a large data brokers such as axiom or government agencies we have been working for the European Commission has proposed last year a proposal to update the privacy rules in
Europe through a data protection regulations the this law would among several things give individuals much more control over their personal data and encourage accountability and transparency among public and private bodies that control your data
my personal obsession with with in in the the privacy data protection regulation is privacy by design this is a feature In the proposed that in the proposal and is the concept where the government public and private bodies basically bake privacy into the products and services and policies about personal data this is a
very welcome step back when you take a step back and look at the big picture and the where communications infrastructure is built you see that there are flaws in the design of our communications ecosystem and then there are 2 main problems with surveillance by the sign not only does excessive surveillance infringe on our rights and undermine our ability to be able to trust the technology that we have come to depend
on for our day-to-day lives but a communications infrastructure that is built with surveillance as a default in fact undermines our security so that's the introduction and now I want to walk through the 6 foundational principles they are proactive and retroactive policing surveillance as the default
setting to and security 0 sum game opaque and undemocratic policymaking and no respect for user
rights although through them and there will be a quiz later from the so the first one the use of more and more intrusive surveillance techniques by
public bodies has resulted in 2 distinct paradigm shifts in policing proactive and retroactive policing the first one as the collection and storage of data becomes much cheaper and
much easier law enforcement is increasingly prone to collect 1st and ask questions later the Data Retention Directive is a primary example of this it was passed in 2005 and the European Union came into effect in 2006 and basically mandates that all telecommunications information is stored from between 6 months to 2 years depending on the Member States this blanket retention of all of our communications data threatens the
backbone of democratic societies by removing the presumption of innocence and treating us as what would be criminal support maybe suspected criminals the 2nd point is that a little bit of data actually says a lot about In the old
days before the communications revolution law-enforcement could listening to our phone calls or even read are e-mails this often paid a heavy toll on resources for time and money to pay all of these police officers to listen to certain phone calls but with the ubiquity of technology traffic data which is collected under the Data Retention Directive which includes the calls that you make to whom what time and can in fact reveal an awful lot about us our habits and our relationships in many jurisdictions getting access to traffic data is also it also requires much less judicial authorization so is much easier to get at finally behavioral surveillance centralizing surveillance techniques law-enforcement seeks to predict
criminal behavior projects such as in that in the EU which are under way right now and through combining these surveillance techniques and types of data such as face recognition technology traffic data and social networking data + CCTV cameras and even the camera drones we're all increasingly classified as 3 criminals in the eyes of law enforcement it's also when collection and storage of data is the
default this represents another shift because meaning is derived retroactively from this information where before law enforcement would could search for a specific individual or person of interest they would define what's called a schema and apply this to the search terms what happens now is that the schema can be determined after the data has been collected and stored for several years considering various amounts of data that can be collected analyzed and stored for extended periods of time we are increasingly vulnerable to future
crimes in essence it really begs the question how are we to be sure that what is OK today will not be a great tomorrow and will not be used against us In addition to this there increasing tendency is to minimize the accountability of both law enforcement and private bodies which
governments use to access and to get to are information kind of like a proxy of the of of government surveillance many suspicions of civil society were actually recently confirmed when the Electronic Privacy
Information Center are epoch based in DC in discovered that the US Department of Justice has been issuing what's called to 511 letters to AT and T and other large companies that would basically give them legal immunity to carry out surveillance of communications of their networks and that would likely be illegal under US law the yeah ultimately this lack of judicial and ethical oversight over communications surveillance means that that now there is a problem on top of that it is subject to abuse when you actually come down to it who is managing and mining these data centers are actually just humans and
humans a flood creatures the in there as rt several examples of abuse of these databases In Europe or from the Data Retention Directive some law enforcement authorities maybe want to use it to look up an ex girlfriend or to look up an ex-wife or potentially cheating husbands come and this is also apparently a growing problem in Ireland with the Irish Minister
recently urged uh the law-enforcement authorities in Ireland to stop using the police database as what he called the social network the 2nd 1 is
surveillance as the default settings increasingly the products and services that we use every day are modified in order to allow for surveillance which fundamentally weakens the security of the services that we are supposed to depend on the case in point the Communications Assistance for Law Enforcement Act or Collier was a lot of
acronyms in my speech so I apologize and this is a US domestic law and then I I do actually have some US examples but I only say this
because the US in many ways is kind of a standard we have a good or bad in this sense um and it has
the clear has implications for all of us in Canada and the U. since were mostly using US-made products and services and the Collier mandates that all telecommunications carriers and manufacturers of equipment have to modify and designed this equipment facilities and the services to ensure that they have built in surveillance capabilities so basically all of the products are made with backdoors in them was worse his that there have been discussions in the United States about expanding the scope of Collier to a clear to 2 which would actually include large service providers like google a Twitter or Facebook to have them build in real-time wiretapping capabilities and and have them suffer large fines if they do not comply with these wire to wire tapping and requests the so we're halfway through the
principle number 3 when we were already starting at a point of insecurity by using products that are but with back doors this makes this much more vulnerable to attacks such as malicious software and other surveillance techniques that are easily set loose on us often by our own governments the 1st example of this is deep packet inspection or DPI deep packet inspection is a
filtering technique that examines the contents of data packages that are transmitted across the network and this is a tool commonly used for traffic management so to clean up viruses and spam etc. but
it can also be tweaked as a tool to spy and surveillance citizens in this for instance was 1 of the pillars of and the Tunisian and then alleys regime which they use to you to spy on citizens but also to even a modified e-mails another toy frequently used by dictatorships and democracies alike is malicious software or malware these types of software can be used uh for a number of things to disrupt computer operations gather sensitive information or just gain full access to an end user's computer In 2011 and the Chaos Computer Club in Germany has actually has an alleged that the German law enforcement authorities were actually deploying Trojans on their population the so called industry Jana from thing a about that from has and this is government design software and that is made to intercept voice over IP so on Skype for example and but the software's functionality extends far beyond that includes even by keystroke logging and having access to to web cams much of the
discourse around surveillance lies or national security or terrorism etc. is
often mistakenly framed in terms of privacy versus security this concept that we have to lose 1 in order to gain the other and this is highly flawed approach create a kind of lose-lose situation for us for citizens where were actually left in the end with neither privacy nor security and the ultimate sum is 0 a perfect example of this this is a canadian
everyone said that Canadians are nice but that 1 is not true the how could that dictates he the Public Safety Minister in Canada and the
justification for intrusive surveillance laws often kind of blurred these lines between them and terrorism national security whether it's fighting paedophiles serious crime or just crime and the problem and propose solution and the scope of the measures are very are are left unanswered and in Canada there was a so-called lawful interception bill that has been proposed in the government since 2009 call Bill SE 30 or about protecting children from Internet predators act a very controversial bill in Canada this would have basically given Canadian law enforcement authorities and warrantless access to what the user information including IP address search history I everything and the bill was luckily struck down from because there were huge protests from citizens and you know not only because the government was calling the warrantless surveillance lawful access which is a big problem and but also because it came with an accompanying report which revealed that the scope of the bill would have went far beyond paedophiles and would have included terrorism national security and even a vague term called low-level violence I have no idea what that means in canadian speak through it could be anything so this is fine is that with the
zero-sum approach where privacy and security are pinned 1 again against 1 another this is what it allows a lot of questions to go unanswered and this is particularly the case for civil liberties issues many laws are therefore able to kind of flip through the democratic process with very little public discourse and and care for the actual impacts of such surrounds measures the again I say will see 30 in Canada it never once sought
consultation from the federal nor any of the the provincial data protection authorities not to mention any academics were
anyone from civil society these laws are often propose during times of crisis or immediately after some terrible tragedy and which means that the potential collateral
damage is often ignored some of the most intrusive surveillance bills have passed in this way we all know about following and 911 in the US was the patriot act but also in Europe and the Data Retention Directive and which basically followed very closely after the London and Madrid bombings in 2004 now I have been working in Brussels for the past few years and focusing on vessels policy and the Data Retention Directive passed from 2005 to 2006 which to me is 1 of the fastest directives that has ever made it through that complex bureaucratic system and what's worse to this day the European Commission has still not been able to provide any real evidence to show the necessity or proportionality of data retention so when the debate for lack
thereof is framed in these terms laws enabling greater surveillance paths such as the Data Retention Directive there are however a number of basic human rights and civil liberties that are infringed or which among other things actually greatly reduces the ability of citizens to 1 be aware of the surveillance laws and to to uh and challenge them these laws are rarely given back once the rights are taken away they're very seldomly given back to us so here a number of some of the civil liberties implications 1 of the example is the right to access information a very dangerous standard for upsetting
standard was recently set in the United States by the supreme court of justice in a case called copper versus amnesty basically in the US Under the Bush administration and the National Security Agency and was 1 of the wire tapping its own citizens Amnesty
International had strong suspicions for a long time and perhaps rightfully so that they might have been kind of wrapped up into this warrantless surveillance they were worrying and that they have they might have been implicated so by asking for more information the supreme court actually finally ruled in this case that the international human rights group actually had no standing to challenge the program to challenge the NSA basically because they couldn't actually prove that they were being attacked for availed by a secretive and illegal wiretapping program this is exactly the kind of example that I mean when I say that surveillance by designing pulls at the fabric of our societies because it undermines in undermines the trust that we have not only in the services in the products that we use but in our own democracies more and more were dependent on these communication technologies and it's almost like what were getting accustomed to the surveillance was were getting accustomed to not trust the services that we use for example a recent study showed that 71 per cent of Facebook users which now has 1 . 1 billion active users self-censor themselves on the social network because they have basically no idea what how much and who has access to their personal information is this acceptable so
absolutely not the Internet is 1 of the most fantastic tools that can give us so much potential for liberation but it has an equal potential to unravel are free and democratic societies what we have to do is make sure that we are creating digital societies where the technology actually works for us and not against us so
how do we do that I think is the hard part
we need 4 things basically helping the public discourse research and fact-based
policy making transparency and more targeted and accountable solutions for law enforcement the so the first one public public discourse the backbone of any
sound policy-making rests upon open consultation with all relevant stakeholders it
also depends upon credible research proving facts and of course well-defined problems and solutions these measures that would or could warrant and communications surveillance must focus 1st on the actual effect to see whether or not this measure or this law would actually work or be of real benefit to law enforcement before we even get into the civil rights issues and there's always international standards and national laws international covenant on civil and political rights Universal Declaration of Human Rights and in Europe the Charter of Fundamental Rights just to name a few standards the 2nd means transparency as a basic rule companies and governments must be transparent about requests for user data and surveillance that they are mandated some companies already
do produce regular transparency reports like Google or Twitter and drop cloths and Microsoft recently started and a few others but this has to become the norm states as well must be transparent about the use and scope of communication surveillance this includes publishing these reports on an annual basis with aggregate numbers of request and how law enforcement authorities are conforming with domestic and international laws
increasingly privacy is power so if the Government must watch fast then we should watch the
government to this is already an interesting experiment that's happening
in some states in the United States through and this experiment they have asked law-enforcement to start wearing lifelogging technologies or tiny cameras both on the person and on the cases which is the weapon of choice for most police officers and the video footage is actually accessible to the public to anyone who wants to see it the results of this kind of 2 ways
surveillance actually show that benefit that that has benefited the relationship between the police and the citizenry it's kind of like leveling the playing field the 3rd 1 instead of
putting an entire citizenry under full-scale surveillance other techniques are possible and in fact have shown here the ability to meet the needs of law enforcement without grossly undermining our rights for instance data preservation instead of blanket retention most telecoms actually do end up storing some information for a few months and then deleted In fact in the
Commission's attempts to justify the Data Retention Directive the examples of when retain data was useful to them they were actually citing mostly information that was would not retained under the Data Retention Directive but retained by telcos for another reason 2nd 1 is data minimization this is also a basic principle that's in uh the Data
Protection Regulation for companies and bodies and public bodies that collect information they should only collect what is absolutely necessary and
for very specific purposes this sounds like a very simple concept but currently this is not how uh public and private bodies or functioning the 3rd 1 is to delete data
just deleted this should be standard operating practice for companies and then
given the fact of the risk that companies incurred by automatically collecting data for you know the which they don't have much use is actually causes risks for them because the the frequency of high profile data breaches is actually an an increasingly large problem both monetarily and fervor public relations image not to mention for individuals and consumers so what
can you do until we can fully change the way that electronic surveillance is regulated in the long term there are some practical solutions that you can adopt now the 1st is to be vigilant and take control part of our
responsibilities as citizens living in a technologically ubiquitous environments is that we have to ensure that we ourselves are aware of the risks and the problems that we have in depending on
communications 2nd 1 is using privacy-enhancing technologies I don't have time to go into all these but I'm happy to talk after hen I can direct you to and 2 more resources but there are ways to browse the Internet anonymously to use off-the-record messaging and monophone and on on messaging and as well to encryptor e-mails a friend once told me that the Internet is kind of dirty and it's you wanna think about it like wearing a condom you don't wanna go there back on the internet you need to protect yourself from and these are some of the highest this and perhaps should the 2nd
1 yeah get in ball
Purdue that don't so dear um was here and I saw keynote and I was about participatory democracy and the importance of of getting involved and speaking out to politicians are even becoming a politician like she did and she kind of summarize it perfectly we need less trolling and more collaboration and I think that's exactly exactly right and
access my organization and a handful of other uh European digital rights groups have joined a
coalition and to protect the Data Protection Regulation the 1 of the other things you can do is actually get involved you can and right now during the fight to protect your privacy in the European Union and we set up the site and its citizens . you and today and the next few days we actually have postcards naked postcards that you can send your representative so this is a 2 benefits and 1 you will be helping you to get involved and to protect the fundamental right to privacy and data protection but then also you get disseminated picture to an entity whose which is kind of exciting so this is so this box here and is where you can fill in you have 2 options you can you write your own or there's already 3 written texts and you can just sign and what you do is after we will send it we will balance and into the parliament ourselves so you want filet in and put into that white box and the people that are doing this art myself I will have lots of postcards and there's also some other people there you should the delegates us up and that the freedom and also Kirsten who is speaking before me and planted I think you know
uh thank you thank you and the history of the 1st questions so no questions really you all of you and this is what will be on stage these you will enjoy the body of work going from that so 1 of the books questions
all if there are no questions that support various years more it
might be the