The switch in intelligence surveillance strategy
The national digital council (CNN, France) did an article about surveillance and prediction with metadata. The CNN self-seized itself about the issue of encryption of data. Metadata are data about other data. For instance, when you communicate with your phone, it is possible to identify the origin, the destination, the date and the geographical position. It is necessary for the good functioning of services (not encrypted normally, TOR can enable you to mirror your IP in other countries, for example and the National Science Foundation and Goggle are funding the Vuvuzela project).
There is currently not an homogeneous definition and make the dialogue difficult between between lawyer and computer scientists
In France, the criticism was raised for the Act on military programming of 2013 and the law on surveillance of 2015. The legal regime is less protective (no correspondence secret). There is a major issue about the access for judicial and administrative authorities. Process of exchange of information at the international level is slow or they face resistance from service suppliers.
According to the CNN, the European legal regime is binary:
- Operators must comply with “private life” directive” (conservation of data only for public security matters)
- Legal gap concerning interception or legal conservation of data.
The Public Prosecutor of Paris, François Molins, is complaining about Telegram, which doesn’t transmit any data.
The treatment of data switch from the content to the container because it is easier to access to these data and it is less expensive because it is automatized (with an AI treating data). According to Rémi Récio, general delegate of the national commission of control of security interceptions (CNCIS) said in 2010 that it enale to reconstitute networks.
From targeted and punctual surveillance we switched to permanent and general surveillance. It enable to detect weak signals to predict and prevent. Thanks to it, it is possible to do a mapping and define our social behaviours. Even the CJEU said in the case Digital Rights Ireland Ltd (C‑293/12) v. Minister for Communications, Marine and Natural Resources, Minister for Justice, Equality and Law Reform, Commissioner of the Garda Síochána, Ireland, The Attorney General:
“Those data, taken as a whole, may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained, such as the habits of everyday life, permanent or temporary places of residence, daily or other movements, the activities carried out, the social relationships of those persons and the social environments frequented by them.”
AI can constitute patterns.
The law about intelligence (2015) was ade for a massive surveillance of “anonymized” metadata called “black boxes”.
Now, the intelligence services are inspiring themselves from Google and Amazon who are able to tailor their offer to their clients thanks to the data they collect by searching or buying something. But for making it effective, it needs to define a detection threshold, which is difficult. More the rate of detection is high, more there will be “fake positive”, so we can question the effectiveness of “black boxes”. Tracked people will readapt their behaviours and fake positive can create discrimination.
For instance, the Strategis Subject List is used in Chicago since 2013. Criminality hasn’t decreased. Rand corporation Think tank analysed that it doesn’t prevent the crime, it just increases arrest the persons on this list.
The consequence of such generalized surveillance of people could lead to self-censorship of people.
The new market of digital privacy
Data ethics talks about the new market of digital privacy. They metion Duckduckgo, findx, startpage and Qwant for Search engines, Wire, wickr and signal for chatapps, Disconnect, Adblockfast and Better for blocking tracking cookies, TOR and Fakenamegenerator to go undercover, Protonmail and Startmail to email without getting ads based on your email messages. With the upcoming data protection regulation from the EU, the GDPR (that will enter into force in May 2018), these privacy tech companies could be the great winners because most of them are European and we are in a period where each country is thinking about protect their data from foreign and economic intelligence. On that matter, the Tuesday 14th of February, UK launched its National Cyber Security Centre, which shows that cybersecurity is a growing concern for States since CIA said that they have proofs about Russian hacks during the US presidential elections.
At the same time, Digital means of surveillance, even if their effectiveness are still questioned, are progressing in the public area, as “Le Parisien” newspaper noticed, Eurostar, at the Northern railway station of Paris, will use facial recognition for adults with biometrics passports. This measure is already used in the UK.
This week-end, there was the Munich Conference on Security. For this, the EU prepared a plan to create a European Fund of Defence to finance investment in equipment and technologies of defence, doing the promotion of investment in this area for SME and start-ups supplying the defence industry and reinforce of the Defence Single Market to allow companies to win more Defence public markets.
The European Union Agency for Network and Information Security propose public consultation to give you the floor about the role of a future cybersecurity agency in the EU until the 12th of April
The “Journal du net” digital media did an article to say how companies should adapt themselves to GDPR regulation. They will have to comply with the article 25 of the regulation “privacy by design” and will have to do the current work of national authorities of control. Each company will need a delegate for it.
“Le Monde” newspaper is talking about the privacy shield, the agreement between the US and the EU about data use and protection. The agreement would be at stake because the new president Trump did an executive order modifying the privacy act for non-americans. It means that protection of data of European consumers of Google or Amazon, for example, could be not anymore guaranteed. But European Commission assure that these 2 texts are distincts and European citizen doesn’t have to be worried about that. But for the President of the G29 and the CNIL, the French authority of control about digital freedom, Isabelle Falque-Pierrotin, has the opinion that the executive order could have some consequences for European citizens. The G29 has asked a clarification on the situation. To be continued…