Privacy vs. security a given trade-off? Joint conference on SurPRISE, PRISMS and PACT: Citizens Perspectives on Surveillance, Security and Privacy: Controversies, Alternatives and Solutions. Vienna, 3-4 November 24 Surveillance, Privacy and Security: A large scale participatory assessment of criteria and factors determining acceptability and acceptance of security technologies in Europe Stefan Strauß This project has received funding from the European Union s Seventh Framework Programme for research, technological development and demonstration under grant agreement no 285492.
Privacy and security a trade-off? In the fundamental rights liberty is the defining value: democracy, the rule of law and fundamental rights are designed to protect the liberty of the individual within the society. Thus, security is neither analogous nor opposed to liberty. (cf. Guild et al 28) Privacy=state free from interference, a form of liberty Intrusion is the exception not the norm EU Fundamental Rights Charter: Art. 6 Right to liberty and security Art. 7 Respect for private and family life Art. 8 Protection of personal data Trade-Off reflects a constructed neither-nor situation without considering complementarity (cf. Solvove 26, 2) Trade-off not inherent, results from surveillance as security practice reinforced by technology Security gain?
How the tradeoff occurs Technological disclosure by default (Strauß/Nentwich 23) diminishing boundaries between personal and non-personal information Economic security as business model (security economy) Political securitization and increasing pre-emption/vention Societal decreasing privacy awareness and increasing self-exposure via social media etc.
Securitization Security as continuing process Securitization: the very political act of defining what counts as a threat through the label security problems are turned into existential threats that require exceptional, emergency measures, which may include breaking otherwise binding rules or governing by decrees rather than by democratic decisions. (Trombetta 29) sustained strategic practice aimed at convincing a target audience to accept the claim that a specific development is threatening enough to deserve an immediate policy to alleviate it (Balzacq 25) conceputalizes security not as an objective condition but rather as a process marked by the intersubjective establishment of an existential threat with sufficient saliency to have political effects (Watson 2) Security becomes a quasi-central virtue and vehicle for political priorities and actions
Transformation from traditional to human-centered security Owen (24)
EU-Security policy Overview Broad range of threats Terrorism, cybercrime, poverty, hunger, disease, international conflicts, climate change, lack of resources, state failure, etc. But measures mainly focus on fighting crime and terrorism, border control, cyber-security Security as economic factor Security is a precondition of development. Conflict not only destroys infrastructure, (including social infrastructure); it also encourages criminality, deters investment and makes normal economic activity impossible. (ESS 23)
Paradigm shifts in security policy Extended security framing and calls for holistic approach Security as economic driver Security economy (OECD 24) Changing relation between security and liberty in the EU The Hague Programme, continued with Stockholm Programme (2-4) Overlap between internal and external security (civilian, police and military activities) Blurring boundaries between normal /rule-based and exceptional states Inherent logic of prevention and pre-emptive security measures Gaps between security threats and measures Individual partially becomes suspicious and turns from protected object into the threat Increasing surveillance tendencies in law enforcement + information exchange and connectivity (DR, PNR, Eurodac, Eurosur, Schengen IS, etc.), predictive policing,..
Citizens perceptions General attitudes and concerns % % 2 43 8 7 The use of SOSTs improves public security 8 8 2 3 2 2 SOSTs are only used to show something is being done to fight crime 4 2 4 23 27 If you have done nothing wrong you do not have to worry about SOSTs 35 35 2 Once SOSTs are in the place, they are likely to be abused 4 3 4 4 I am concerned that my personal information may be used against me 36 33 7 3 I am concerned that too much information is collected about me 66 5 3 I am concerned that my personal information may be shared without my permission N=772
Citizens perceptions tradeoff Contradictions in opinions of nothing to hide agreers: Nothing to hide but concerned that too much information is collected about me 8,5% 6% concerned that my personal information might be used against me 2% 7% concerned that my personal information may be shared without my permission Concerned 8,5% 29% 85% 23% 23% 8% 8% 9% 83% 96% Not concerned 52% 54% Neither nor agreers (N=549) opposers (N=84) agreers (N=54) opposers (N=87) agreers (N=549) opposers (N=83) NA
Effectiveness vs. intrusiveness % 2% 4% 6% 8% % 2 5 23 2 9 In my opinion, is an effective national security tool 8 8 5 34 22 38 4 3 2 28 27 64 36 The idea of makes me feel uncomfortable I feel more secure when is in operation 29 4 2 32 I feel that Is forced upon me without my permission 27 22 24 28 24 8 8 24 23 4 22 34 2 4 7 7 4 8 8 6 9 2 9 3 2 5 2
Major concerns about SOST usage % 2% 4% 6% 8% % 28 32 37 4 33 44 38 38 37 55 how usage may develop in future 28 5 24 32 it can reveal sensitive information about me 42 46 it can lead to misinterpretations of my behaviour 24 it can reveal strangers where I am (or was) 34 22 5 it can violate my fundamental human rights 33 5 it can violate everyone's fundamental human rights 34 28 26 3 3 34 5 29 3 3 28 7 32 3 29 8 2 3 2 4 5 2 9 3 3 2 2 4 9 8 2 7 5 2 6 7 3 6 6 7 3 5 4 4 7 9 5 4 5 5 5 3 8 4
Intrusiveness and acceptability the level of intrusiveness is acceptable given the public security benefits it offers 35 48 48 SOST is privacy intrusive 5 5 7 SOST improves public security 48 59 59 Laws and regulations ensure that SOST is not misused 24 9 24
Trust in security authorities % 2% 4% 6% 8% % 8 28 32 3 3 7 29 26 9 5 3 2 34 32 9 3 security authorities which use are trustworthy 7 26 35 7 5 4 23 35 9 7 9 3 35 8 6 are competent in what they do 29 3 7 2 2 6 28 29 9 5 4 8 36 33 3 7 4 are concerned about the welfare of citizens as well as national security 5 7 29 23 23 4 3 28 27 6 5 24 33 2 4 4 do not abuse their power
Summary and conclusions Securitization vs. Privatization of privacy and loss of its public value Extended security concept partially plausible due to complex global challenges Vague effectiveness with gaps between measures and threats Pre-emption and mass surveillance create new insecurities and reinforce the (alleged) security/privacy tradeoff and vice versa How far can/should pre-emption and prevention go? Increasing dynamic of security while privacy remained relatively static Overcoming the tradeoff fallacy by asking the right questions: not whether but how privacy should be protected (cf. Solove 2) Reconsidering privacy as a form of autonomy and liberty with multiple dimensions towards more systematic privacy impact assessments and effective privacy by design Enhancing transparency, accountability and oversight of SOSTs+practices to revitalize the public value of privacy
Thank you for your interest! Stefan Strauß Institute of Technology Assessment (ITA) Austrian Academy of Sciences A-3 Vienna, Strohgasse 45/5 Tel: +43 () 558 6599 Fax: +43 () 79883 Email: sstrauss@oeaw.ac.at Web: http://www.oeaw.ac.at/ita/en/