Security of e-Government European Parliament 19 February 2013

1. European Technology Assessment Group Transparency and (dis)honestyProf. Juliet LodgeExpert Group, Privacy Committee, Biometrics Institute Security of e-Government European Parliament 19 February 2013

2. Transparency & the 60% rule • Constitutional • Procedural • Practice as deception ‘It’s only a problem of labelling ‘ (UK Min) ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

3. eGov :Eroding Transparency? Constitutional: ‘EU Council worse than a papal enclave’. Duff, MEP Procedural : … foreign ‘hysteria over EU data protection laws ‘Jan Albrecht MEP Fundamental rights v. Profits: ‘IT giants ... trying to lobby away right to privacy’ Max Shrems Does the cyberworld redefine meaning + interaction? ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

4. Back to the future? • Who benefits?Whose interests are core? EU Citizens? Global Commerce? • Can T disentangle private – public responsibilities? • Who is honest? No longer a question of what ICTs can we trust but WHOM can we trust? Can we see and know that face? Recommendation: understand the importance of Quality of info, and the symbiotic reln between transparency and trust in eGov ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

5. Where do I begin and end? Physical v. virtual self and identity • Invisible Commodifying private space Implications for Vulnerable • Other people’s clips of you without your consent • Avatars and Advergames; info fusion • Google private ownership of ‘ biometric’ data collected for public purposes : murky PPPs ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

6. Practice : eGov and T challenge:your body as commerce Do you (or unknown others and chips) own you and control your data? And your virtual money and goods? Who’s liable for mistakes and machine malfunctions? You? Chip? PPPs? Redress? Assistive ICTs and vulnerable ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

7. Transparency challenge • Is there a contradiction between the data subject as data controller(social networking) with individual responsibility, and the data subject as commodity with no individual right or responsibility for giving consent to the use of his personal data? ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

8. Challenge for Govt : be open about who controls PPPs • Right to be forgotten – depends on the requirement to be known to the ‘authorities’ (usually hidden in PPPs) • What are the implications of relying on automated (robotic) d-m in all settings, from borders to social networking to ‘know us’ for our understanding of our rights and enforceable laws? • How Are EU DP and outsourcing laws enforceable in an outside EU? ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

9. Lessons from biometrics: a future in Steering behaviour? Biometrics for honest purposes Rely on credibility of verification and authentication; robust resilient systems; credibility and trust of users, vendors, ICTs and handling practices; implicit ethical codes Biometrics for dishonest purposes rely on a breach of trust – multi purpose use Biometrics to steer behaviour rely on agreement as to the ethical and desirable end purpose (eghonest medical therapeutic purpose) or can be misappropriated for malign intent ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

10. Ethical transparency and trusted eGov Selling behaviour Withstanding q-surveillance Privacy as a right Stronger data protection PETs/PEDs – pseudo technical fixes? • Quantum surveillance in public space (security rationale) and in private and space via m- play (conven+com); vanishing interfaces • Mining, mash-ups, blending virtual and real (eg virtual currency, like Amazon’s Feb 2013 • Multiple clouds and & data blending; convegent ICTs • Geo-referencing and map-making = online definition of reality affects real world choices : mediates power; ethics and societal acceptability of ICT applicatns ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

11. Egov magnifies the ‘who dunnit’ burden of proof and responsibility Politico-legal agency Locus of authority+dm by machine Responsibility /accountability DP + Forgetting + linkage Redefining Private sphere Morality and Ethics – access Mobiles and vanishing interfaces - georeferencing Netiquette & human dignity Transhumanism & Roboethics Technical fixes • forensic genomics, biometrics neuro-imaging, digi tracking • IP, Censorship, Anonymity ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

12. Recommendation: Awareness of linkage by potent forensics for multi-purpose/dishonest steering • Misappropriation of ICTs, apps and info from quantum surveillance to steer behaviour • Mind-reading/prediction and anticipation • Self-censorship versus open society and total disclosure without your knowledge or consent? • What is at the basis of trust relationships in ICT moderated or dominated societies? • What are the limits of regulation? • Transparency exceptions eg security; what is critical and what is not. Protect vulnerable and cits from abuse RECOMMENDATION : enforce and require ICT and apps developers to have transparent ethical codes/mores regarding multipurpose use ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

13. Recommendations : review balance of interests • Cookies: ending denial of service if person objects to cookie tracking • Education: Helping people see how much information they share; end of privacy • Control: ensure people know how to control sensitive information • LAW : would a "privacy bill of rights" guarantee greater control over personal data Inject realism into real time real life privacy and its protection. Eg tension between personal responsibility v corporate duty v legal requirement ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

14. T and O for trust or deception? • constitutional • procedural • practice as deception Result (dis)trust and (dis)honesty Pushing d-m to machines deceives citizens. It masks a lack of human analysis and undermines trust in IT, govt and private sector. What and whom we trust and why. That is the biggest challenge to eGovtransparency : failure risks trust in government and authority. ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

15. Conclusion • Trying to trust technology to act as a privacy guardian is insufficient • Who’s in control? You or the machine? And does it own you? • Ethical values and practice must inform info collection, handling etc and can do so only if human intervention is visible, identifiable and accountable. Secure eGov must uphold T accountability to ensure trust when society is permanently online. ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

16. Communicating control ‘Citizens must be able to understand the system so that they can identify its problems, criticise it, and ultimately control it.’ Final report of the Convention on the Future of Europe Working Group IX on Simplification 29 Nov 2002 [CONV 424/02 WGIX 13] ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg

17. Juliet Lodge , Privacy Committee Biometrics Institute Research, evidence and publications on • EU freedom, security and justice, Europol, automated decisionmaking and data exchange, border management and security, biometrics, ethics, compliance with law & democracy • egov, EU citizenship in e-digital spaces • EP, transparency, legitimacy , accountable egovernance in security and internal market of EU27 • f7p ICT Ethics; BEST; Fp6 (Challenge; r4eGov; ejustice) • Advisory role in RISE;HIDE (& f6p Mediated Citizenship) • EU-China programme (EU funded on multilateralism and soft diplomacy); 17+ books; 240 published peer reviewed papers ETAG European Parliament 19/2/13 Room 7C-050 Paul-Henri Spaak Bldg