With the ECJ’s Safe Harbor ruling fresh in mind, attendees of the 37th International Privacy Conference here in Amsterdam were ripe for a discussion of the balance between privacy and security, but perhaps they didn’t expect the focus to be on the event’s host country.
Billed as a look at where society draws the line, “What if You Had No Choice: Human Rights or Security?,” organized by anonymous calling app Warble and featuring Dutch MEP Marietje Schaake, Amnesty International’s Quirine Eijkman and Dutch lawyer Sidney Smeets, of Spong Advocaten, evolved into a pointed discussion of the recently proposed Dutch surveillance bill, which could force participation in electronic investigations and introduce the concept of “purpose-oriented” bulk data collection.
Along the way, panelists explored government’s role in protecting privacy, just as it protects citizens’ rights to safety and children’s right not to be exploited via explicit imagery.
“We see different parallels,” said Eijkman. “Some want to nationalize the Internet and regulate it like a nation state. Where others want a free and open cyberspace. But there’s not really political leadership in terms of an open cyberspace.”
Those focused on national security are uncomfortable with an unregulated Internet space, panelists agreed. For one thing, it’s become a battlefield in need of policing.
Schaake wondered, “Why can’t we declare the technical infrastructure [of the Internet] as a neutral zone where states don’t attack each other?”
Despite a general inclination toward less government regulation – “I’m a liberal,” she noted – Schaake said some government oversight of web traffic and data collection is necessary.
Otherwise, “companies are the new sovereigns in this unregulated space,” she said. “Given that so many services or technologies or layers of the Internet, and all the things connected to it, are in the control of private companies, they become the de facto defender and creator of norms.”
This is a problem, she said, when we have companies like Facebook beginning to create a definition for the cultural acceptance of nudity, by instituting policies of what’s appropriate to post or not. Or, worse, deciding what’s an appropriate government request for data and whether to fight it or not.
Personal information is “often sought by governments in the name of fighting the worst of the worst crimes,” Schaake said. No one wants to support child pornographers, she argued, but “the risk is that if you allow private companies to assess that kind of information, then the door is open, and we see IP enforcement by private companies, other forms of internet governance by private companies.”
She wondered where the accountability would come from. “I see a problem in companies talking about self-regulation,” she said. “I would make a plea for more responsible governance by governments. In the absence of such norms in the public interest, we’ll see private companies setting them, and that has its own dangers.”
Just look at the proposed surveillance bill in the Netherlands, said Spong Advocats’ Smeets. The language on encryption “makes it possible to order the decryption of your computer without anyone knowing there’s anything illegal on your computer,” he said. “And if you refuse, then the suspicion rises, and you can be fined for not giving the code, which goes against a lot of European jurisprudence.”
The “nothing to hide” argument is alive and well in Europe, that’s for sure.
“If you oppose these regulations that make it easier for the governments to scan your computer for child pornography, then you’re suspicious,” Smeets said. “‘What do you have to hide?’”
Well, Smeets continued, “Of course I have something to hide. Everyone has something to hide. It’s not abnormal or strange to want to protect your secrets, even if your secrets aren’t particularly interesting … We have the right to have things on our computers that no one has to know about.”
Unfortunately, these kinds of big-picture debates about the harm to human rights presented by security bills don’t happen in the reactionary world of terrorist attacks and knee-jerk solutions, said Amnesty’s Eijkman. “If you talk about cybersecurity, it’s very issue-driven,” she said, “and there’s very little debate on the national level. We’re not clear where we’re going in terms of cyber governance.” What is the Dutch citizenry’s position on encryption? We should explore that before passing legislation about it, she argued.
Sharing data could absolutely be justified to fight terrorism, she continued, “but what about the consequences for dissidents? Gathering data in bulk means more responsibility, more discussion of the governance of what we can do with technology. Who is responsible for the consequences?”
If you want to comment on this post, you need to login.