CONFERENCE ON PUBLIC SECURITY, PRIVACY AND TECHNOLOGY

 

 

 

 

Concluding remarks by

 

HE Deputy Minister of the Interior

José Magalhães

 

 

on behalf of

the Portuguese Presidency

of the Council of the European Union

 

 

 

 

 

 

Brussels, 20 November 2007

 

 

 

 

 

 

 

 

 

 

Vice-President Frattini,

Excellencies,

Ladies and Gentlemen,

 

A

llow me to start by thanking the organisers for the kind invitation extended to the Presidency of the Council of the European Union to be here today and for the opportunity to   draw a few of the many possible conclusions from the numerous debates that occurred in this Conference, very timely and well organized.  

 

This  event, that gathered many participants, was inspired by several  European Commission’s initiatives namely  the 2007 communications “on Public-Private Dialogue in Security Research and Innovation”  and  “on Promoting Data Protection by Privacy Enhancing Technologies” . These initiatives  were preceded by the 2006 important communications  on “A Strategy for a Secure Information Society” and “on Fighting spam, spyware and malicious software”. I mention  these communications  because they paved the way to relevant measures to be implemented by the Commission and the Member States to tackle  security challenges in relation to information systems and networks in the EU, outlined a comprehensive and dynamic policy framework founded on a holistic and multi-stakeholder approach  and  correctly underlined  the need to foster  international co-operation to secure networks in our globalized world. As a reaction to these two Communications, a  Council Resolution was approved  on a Strategy for a Secure Information Society in Europe (2007/C 68/01). Similarly, we need further action in order to allow the Council to endorse  far-reaching policy objectives and priorities  discussed here today,  to be pursued at EU level as well as at national level.

 

Today’s  conference considered how technology can develop the protection of privacy and at the same time allow law enforcement authorities access to personal data. Throughout the sessions, numerous arguments and examples were offered that  technology can very effectively  enhance both public security and privacy.

But the “magic triangle” formed by mobility/security/privacy –as Peter Altmeier stressed- has many complexities.

 

The Conference confirmed that the public and private sectors should both launch a dialogue to better understand the security and data protection requirements of our time. In fact, public-private dialogue in the field of security research is of paramount importance to increase the security of infrastructures, fight organised crime and terrorism, help restore security in a crisis and improve surveillance and border control. That is the reason why the European Security Research and Innovation Forum will present a Joint Security Research Agenda towards the end of 2009 which  will contain  recommendations to public authorities.  

Until then we will not cross our arms. The European Union has responded to the need for more security research with two seven-year Framework Programmes in the area of Security. These are the  FP7, which includes a security theme, and the EU Framework Programme on ‘Security and Safeguarding Liberties’ both frequently mentioned during the Conference.

 We should never forget that this is the era of extraordinary growth of Internet users  and of the WEB 2.0. The present and future development of the World Wide Web is occurring in such terms that a vast array of new opportunities for public security are easily available. This should lead to changes in our methods and projects.

Let me offer an example. A few days ago the news came that researchers at the University of Arizona are developing a tool that uses several clues to automate the analysis of online jihadism.The “Dark web Project” aims to scour Web sites, forums and chat rooms to find the Internet’s most prolific and influential jihadists and learn how they reel in supporters.Instead of reinventing the “digital wheel”, why not take advantage of this new possibility of easily sharing tools and work together to create the ones not yet invented?

W

E should also keep in mind that,  as we build these new capabilities, the notion of “EU Overall Security” is beginning to be seriously discussed reminding us of an important fact: many of the means required to ensure the internal and external security of the Union  are dual use capabilities.

Defense and security will growingly share tools and missions. As the Open Source collection of information in the Internet is clearly showing, the distinction between “external”/”internal” became absurd.In this new context, only the reinvention of data protection tools will preserve values we cherish.

 

 

 

Ladies and Gentlemen,

 

This Conference confirmed that we need many new tools to protect our citizens against very diverse threats. But let me also conclude that we have to offer good arguments to those who say that data protection is  put at risk by such developments.

 

Our  governments, our companies and our citizens  collect extensive personal information directly, in ways that became irreplaceable. The disruption of the information systems that serve  modern  Welfare States  or our travel systems  would suspend  vital  programs and panic large portions of the population.  On the other hand, even as we speak, search engines register and store the results of millions  of queries; powerful computers  in all parts of the world store e-mail, voice mail and sms messages; sensors monitor human activities and store the data; digital devices allow  us to pay tolls and make  our trips traceable; cellular  phones and PDA’s  register  calls  and may reveal user   location; ATMs   make our lives simpler and crystal transparent.

Without   those  technologies we would feel helpless and unhappy.Yet they produce terabytes of digital records which can now be easily shared through  the  internet  and  kept in    storage devices. 

 The Conference confirmed that in this new environment – which  is here to stay – the traditional measures to protect privacy  will become less and less effective unless  appropriate technological measures are used as an essential complement to legal means. 

In order  to achieve a sufficient level of  protection  privacy enhancing technologies are – presently  and in the foreseeable future- absolutely  essential to guarantee civil and political  rights in the age of cyberspace.

Paradoxically, those  same tools can also be used by terrorists and other criminals.  Thus, if data are  automatically  anonymised, after a certain lapse of time, that procedure may erase evidence of crimes; encryption tools  prevent hacking when information is transmitted over the Internet   and  protect personal data against unlawful processing but may also help  conceal criminal plans; cookie-cutters  enhance compliance with the principle that data must be processed fairly  and that the data subject must be informed about the processing going on,  but may also make ineffective police efforts to gather information on illegal activities..

 

The complex challenge we face is to keep high levels of protection  for common citizens and  allow  the  fair  use of  effective tools against criminals,  thus protecting public security.

 

But can  such a mission be achieved?

 

Yes, concluded the speakers in the  first  part of the Conference. We had in fact a vast and diversified discussion  on the topic  “Public security & technology”,  especially  in the context of prevention, detection and investigation of criminal offences.  Excellent contributions to ascertain the state of the play on both sides of the Atlantic were  offered by the presentation on “European aspects of public security”  and  a  very comprehensive description of the view of the U.S. Department Of Homeland Security Privacy Office on how to minimize the Impact (of the use of technologies) on Privacy While Achieving the Mission. Technology can (and is) being used to guarantee collection limitation, one-stop means of redress,security safegards,control of routines,privacy impact assessments,privacy implementation of guidelines and periodical discussion of obstacles and experiences.That is the way forward.

 

 

 

The new problems  related to  data exchange between private sector data controllers and law enforcement authorities  where also extensively  considered taking in consideration the   relevant experience acquired by German authorities.We have to quickly learn those lessons if we are to succeed in enforcing the availability principle and the Prum Treaty rules on police cooperation.In fact, police forces need new skills and new tools, have to establish collaboration procedures, use digital platforms to work together 24/7, pool and share resources (vg.translation services, news aggregators) and use e-learning to exchange experiences and train officers.

 

 Privacy & technology” was the second issue to be debated by a   panel consisting of both public and private sectors, with representatives from technology producers, data controllers and data subjects.   Concrete examples were offered of technology, privacy and security research projects funded by the Preparatory action on
security research (PASR) and the 7thFramework Programme of Science and Technology

as well as  an overview of what has been done under the 6th the Framework Programme.

I was very impressed by the vivid and accurate description of how our Union moved on from the   absence of funding for security research to the present situation. We now have the money: it is time to get duly organized to spend it well ( and by doing so  let the ghost of George Orwell rest in peace).

 

The research we need is solution oriented and should include purposes such as the protection of senior citizens and  child watch,robust  protection of e-passports (vg. basic access control/extended access control)and, of course, privacy enhancing technologies…

 

A thought-provoking presentation equated if Technologies for Privacy  are  ready to escape from the lab and concluded that time has come for such an escape to take place under certain conditions, namely if we manage to bridge the gap between policy makers and researchers.  

It pays highly to do so, as has shown the very interesting assessment made on behalf of the Austrian Data Protection on the use of fractional pins to protect data in  e-Government schemes of data exchange.The message is clear: data storage can be clever and proportionate;exchange does not have to lack safegards.

 

Very appropriately, the Conference  paid due attention to the need to  enhance consumer trust in e-services in the era when information moves from users computers to huge storage providers and server farms.

The  presentations on the  ongoing efforts in Europe and in the USA to secure consumer confidence as a condition for development of e-services offered an overview of many shortcomings and serious obstacles, but also encouraging practices that should be considered both by the Union and by national  legislators and private sector players. Consumers should not be left alone.The fight for appropriate measures  is of utmost importance both for consumer rights organizations and the EU,governments of member states and private sector players.

The third part of the Conference  discussed  how to stimulate Public-Private Dialogue  on Public security, privacy & technology issues. The  panel  examined, as planned,   the role of technology in the globalized world and evaluated measures to guarantee both public security and privacy.

The conclusion is obvious:it is our duty to maximize fundamental rights and public security in ourdemocracies.  That view , here expressed by Vice-President Lambrinidis, on behalf of the  EP LIBE Committee,  is widely shared. A broad consensus has been built between EU institutions on this issue, as clearly have shown the successful negotiations of the regulations on the VIS, SIS2 and e-passports.

 

That consensus is much needed if we want  Europe to speed up the widespread adoption   of Radio Frequency Identification (RFID) Devices, sensor networks and   content-rich services, such as    Voice over Internet Protocol   and other   services that require both high  levels of network and information security   and new ways of allowing law enforcement authorities to succeed in their mission.

 

The appropriate concern to offer  transatlantic perspectives  led the panel to examine the USA experience in applying technologies to make use of personal information to fight crime, while incorporating privacy safeguards. Not only  handing over data to law enforcement agencies requires appropriate procedures but the architecture itself of software and services should not be locked up in order to allow law intervention under certain conditions.

 

The panel offered consistent arguments on behalf of  that data Protection as  a crucial  condition for success of Public Security in our democracies. For that purpose we have to  reinvent the protection methods and come up with new  tools. Excessive safegards do not safeguard at all.

This conclusion is entirely compliant with the new  Lisbon Treaty and our democratic  legal frameworks. There should be no doubt that the  involvement of data protection authorities in ensuring that privacy provisions are enforced by police forces  can not be seen as an obstacle for fighting crime. Data protection   Authorities are - and will be in the future -   a central piece of any effective IT security system.

 Last but not least, advances in computer security  are awesome and very exciting. They where vividly reviewed in the Conference.

 A very accurate assessment was offered on how private sector telecommunications companies are growingly  incorporating technologies to secure privacy of users and at the same time  making personal information available to public authorities as needed and proportionate for important public interests.   

 

Ladies and Gentlemen,

The task that we face   is difficult and debates such as the one that took place here confirm that even if we act quickly and wisely no miraculous results will occur. A colossal amount of work will have to be done. But that will be from tomorrow on. On behalf of the Council , let me thank you once more for  this excellent contribution.