SlideShare una empresa de Scribd logo

Privacy post-Snowden

Descargar como PPTX, PDF
blogzilla
blogzilla

This document summarizes international laws and policies regarding privacy and mass surveillance in the post-Snowden era. It discusses obligations under international human rights law, calls by the UN General Assembly to review surveillance practices, and reports by the UN High Commissioner for Human Rights criticizing secret interpretations of law and lack of protections for individuals. The document also reviews data privacy regulations in Europe, debates around data localization, encryption technologies, and concludes that strengthening international law and information security is needed to curb mass surveillance by powerful states.

Tecnología
1 de 17
PRIVACY POST-SNOWDEN Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
Implants in the supply chain
International law and politics • International Covenant on Civil and Political Rights §17 and §19 and their interpretation by the UN Human Rights Committee, UN High Commissioner for Human Rights, and UN Special Rapporteurs (on Freedom of Opinion and Expression; on the promotion and protection of human rights and fundamental freedoms while countering terrorism; on human rights and transnational corporations) • Regional treaties, esp. Eur. Conv. on Human Rights §8 and EU Charter of Fundamental Rights §§7-8 • How to make transparent, let alone improve, bi- and multi-lateral intelligence sharing agreements?
United Nations • General Assembly: “Calls upon all States…To review their procedures, practices and legislation regarding the surveillance of communications, their interception and the collection of personal data, including mass surveillance, interception and collection, with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law” (A/RES/68/167) • HR Cmtte: Concluding Observations on USA (2014). Inter-State complaint? (Scheinin) • IGF 2014: “Civil society managed to get many of these issues on the conference’s agenda but governments chose to ignore them.” -Sherif Elsayed-Ali, Deputy Director of Global Issues at Amnesty International
UN High Commissioner for HR • “Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights” §20 • “overarching principles of legality, necessity and proportionality” §23 • “secret rules and secret interpretations – even secret judicial interpretations – of law do not have the necessary qualities of “law” §29 • “sharing of data between law enforcement agencies, intelligence bodies and other State organs risks violating article 17” §27 • “Governments have operated a transnational network of intelligence agencies through interlocking legal loopholes, involving the coordination of surveillance practice to outflank the protections provided by domestic legal regimes. Such practice arguably fails the test of lawfulness” §30
UN High Commissioner for HR • “States have also failed to take effective measures to protect individuals within their jurisdiction…in breach of their own human rights obligations.” §30 • “digital surveillance therefore may engage a State’s human rights obligations if that surveillance involves the State’s exercise of power or effective control in relation to digital communications infrastructure, wherever found, for example, through direct tapping or penetration of that infrastructure. Equally, where the State exercises regulatory jurisdiction over a third party that physically controls the data, that State also would have obligations under the Covenant. If a country seeks to assert jurisdiction over the data of private companies as a result of the incorporation of those companies in that country, then human rights protections must be extended to those whose privacy is being interfered with, whether in the country of incorporation or beyond.” §34
UN GGE A/68/98 (24 June 2013) • “international law and in particular the United Nations Charter, is applicable and is essential to maintaining peace and stability” • “States must meet their international obligations regarding internationally wrongful acts attributable to them” • “Recommendations on voluntary measures to build trust, transparency and confidence, as well as international cooperation to build capacity for ICT security” • New GGE held first meeting in New York in July 2014, and elected Brazil as the Chair. Three more meetings in 2015
Council of Europe and EU • CoE Convention 108: • 7 States Parties do not apply Convention to State security (Andorra, Ireland, Latvia, Malta, Romania, Russia, Macedonia) • Modernised Convention does not allow this §3(2)(a) scope limit • Cybercrime Convention §32 • US-EU umbrella DP agreement • Accounting and Transparency Directives • Recent cases: • ECtHR: Big Brother Watch and ors v UK, App. No. 38170/13; Bernh Larson Holdings v Norway, App. No. 24117/08; Privacy International v UK • CJEU: Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources & Ors C-293/12 and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and others, C 594/12 • 1 BvR 370/07 and 1 BvR 595/07: breaching const. right to IT-security requires factual evidence indicating a specific threat to an outstanding and overriding legal interest, such as threats to the life or freedom of an individual, or threats concerning the fundamentals or existence of the state + judicial authorisation
Data localisation • German interior minister: “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.” • Snowden: “you should never route through or peer with the UK” • Brazil & Russia – considered or passed laws requiring citizens’ data held within country. Digital Rights Ireland and Art 29 WP on retained communications data • Regional data centres – but limited impact given expansive American jurisdiction (In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., No. 13-MJ-2814-UA, SDNY 28 Aug. 14) • Norwegian domains .sj and .bv
Renewed focus on encryption • Storage encryption using client-held keys is relatively straightforward – e.g. SpiderOak • Homomorphic encryption in the cloud? • End-to-end encrypted peer-to-peer systems • Verifiable?
Conclusion • International law is (slowly) being strengthened – perhaps not at the scale that will effectively protect privacy against SIGINT agencies (ideas of optional ICCPR Protocol or even new General Comment 16 seem to have faded) • Cybersecurity norms are up for grabs • IANA and ICANN in some senses a sideshow, aside from leverage against US, although play important role concerning WHOIS, and potentially DNSSEC, RPKI, and more broadly as a fulcrum for transnational enforcement • Much greater attention to information security a pre-condition for raising cost of mass surveillance beyond the great (Internet) powers – IETF role

Recomendados

Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
blogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
blogzilla
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
blogzilla
 
Internet governance
Internet governanceInternet governance
Internet governance
Ghazala Ajami
 
Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internet
Vincy
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
moldovaictsummit2016
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
moldovaictsummit2016
 

Recomendados

Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
blogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
blogzilla
 
Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?Copyright and privacy by design - what lessons have we learned?
Copyright and privacy by design - what lessons have we learned?
blogzilla
 
Internet governance
Internet governanceInternet governance
Internet governance
Ghazala Ajami
 
Wikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internetWikileaks freedom of speech on the internet
Wikileaks freedom of speech on the internet
Vincy
 
Internet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms dayInternet user's rights and fundamental freedoms day
Internet user's rights and fundamental freedoms day
moldovaictsummit2016
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
moldovaictsummit2016
 
cybercrime landscape for moldova
cybercrime landscape for moldovacybercrime landscape for moldova
cybercrime landscape for moldova
moldovaictsummit2016
 
Cybercrime convention
Cybercrime conventionCybercrime convention
Cybercrime convention
moldovaictsummit2016
 
Legal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe VaciagoLegal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe Vaciago
Tech and Law Center
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
blogzilla
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
IshitaSrivastava21
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
AJHSSR Journal
 
Consumers' and Citizens' Privacy
Consumers' and Citizens' Privacy Consumers' and Citizens' Privacy
Consumers' and Citizens' Privacy
Carolina Rossini
 
Social media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacySocial media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacy
Yasmin AbdelAziz
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
Kangai Maukazuva, CGEIT
 
Privacy in the age of anti-terrorism
Privacy in the age of anti-terrorismPrivacy in the age of anti-terrorism
Privacy in the age of anti-terrorism
blogzilla
 
Research on Digital Security Act 2018
Research on Digital Security Act 2018Research on Digital Security Act 2018
Research on Digital Security Act 2018
Nilima Tariq
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
APNIC
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nations
blogzilla
 
Artificial Intelligence, elections, media pluralism and media freedom
Artificial Intelligence, elections, media pluralism and media freedom Artificial Intelligence, elections, media pluralism and media freedom
Artificial Intelligence, elections, media pluralism and media freedom
Centre for Media Pluralism and Media Freedom
 
Digital security law security of individual or government
Digital security law security of individual or governmentDigital security law security of individual or government
Digital security law security of individual or government
M S Siddiqui
 
Cyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshCyber security and prevention in Bangladesh
Cyber security and prevention in Bangladesh
Rabita Rejwana
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
Dani Ann Eunice Vargas Espelico
 
Digital security act (DSA)
Digital security act (DSA)Digital security act (DSA)
Digital security act (DSA)
Md.Azizul hakim Anik
 
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
Metamorphosis
 
After 9 11
After 9 11After 9 11
After 9 11
Jenn Robillard
 
Bus snowden presentation
Bus snowden presentationBus snowden presentation
Bus snowden presentation
CJW78755
 
Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)
Open Analytics
 

Más contenido relacionado

La actualidad más candente

An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
AJHSSR Journal
 

La actualidad más candente (20)

cybercrime landscape for moldova
cybercrime landscape for moldovacybercrime landscape for moldova
cybercrime landscape for moldova
 
Cybercrime convention
Cybercrime conventionCybercrime convention
Cybercrime convention
 
Legal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe VaciagoLegal Aspect of the Cloud by Giuseppe Vaciago
Legal Aspect of the Cloud by Giuseppe Vaciago
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 
International convention on cyber crime
International convention on cyber crimeInternational convention on cyber crime
International convention on cyber crime
 
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
An Exploratory Study on Mechanisms in Place to Combat Hacking In South Africa...
 
Consumers' and Citizens' Privacy
Consumers' and Citizens' Privacy Consumers' and Citizens' Privacy
Consumers' and Citizens' Privacy
 
Social media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacySocial media impact on freedom of expression and privacy
Social media impact on freedom of expression and privacy
 
Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE Cyber Crime & Cyber Security Workshop, ZIE
Cyber Crime & Cyber Security Workshop, ZIE
 
Privacy in the age of anti-terrorism
Privacy in the age of anti-terrorismPrivacy in the age of anti-terrorism
Privacy in the age of anti-terrorism
 
Research on Digital Security Act 2018
Research on Digital Security Act 2018Research on Digital Security Act 2018
Research on Digital Security Act 2018
 
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...
 
Investigating cybercrime at the United Nations
Investigating cybercrime at the United NationsInvestigating cybercrime at the United Nations
Investigating cybercrime at the United Nations
 
Artificial Intelligence, elections, media pluralism and media freedom
Artificial Intelligence, elections, media pluralism and media freedom Artificial Intelligence, elections, media pluralism and media freedom
Artificial Intelligence, elections, media pluralism and media freedom
 
Digital security law security of individual or government
Digital security law security of individual or governmentDigital security law security of individual or government
Digital security law security of individual or government
 
Cyber security and prevention in Bangladesh
Cyber security and prevention in BangladeshCyber security and prevention in Bangladesh
Cyber security and prevention in Bangladesh
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
Digital security act (DSA)
Digital security act (DSA)Digital security act (DSA)
Digital security act (DSA)
 
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
Snezana Trpevska - Content Regulation and Censorship – What is the Difference?
 
After 9 11
After 9 11After 9 11
After 9 11
 

Destacado

The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?
Christian Dawson
 
Assange & Snowden
Assange & SnowdenAssange & Snowden
Assange & Snowden
Pearlyn Low
 
Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)
Dedalo-SB
 
Alumni from snowden
Alumni from snowdenAlumni from snowden
Alumni from snowden
NEOA
 
Snowden creates new headache Arise Roby
Snowden creates new headache Arise RobySnowden creates new headache Arise Roby
Snowden creates new headache Arise Roby
Arise Roby
 
Snowden-final-report-for-publication
Snowden-final-report-for-publicationSnowden-final-report-for-publication
Snowden-final-report-for-publication
Zarte Siempre
 
Mass Internet Surveillance: The Snowden Case
Mass Internet Surveillance: The Snowden CaseMass Internet Surveillance: The Snowden Case
Mass Internet Surveillance: The Snowden Case
Hacking Mom
 

Destacado (20)

Bus snowden presentation
Bus snowden presentationBus snowden presentation
Bus snowden presentation
 
Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)Cyber after Snowden (OA Cyber Summit)
Cyber after Snowden (OA Cyber Summit)
 
Digital Citizenship and Surveillance Society: UK State-Media-Citizen Relation...
Digital Citizenship and Surveillance Society: UK State-Media-Citizen Relation...Digital Citizenship and Surveillance Society: UK State-Media-Citizen Relation...
Digital Citizenship and Surveillance Society: UK State-Media-Citizen Relation...
 
The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?The Post Snowden World One Year Later: What Has Changed?
The Post Snowden World One Year Later: What Has Changed?
 
Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!Seen at InfoSec Europe 2015: Spot your Snowden!
Seen at InfoSec Europe 2015: Spot your Snowden!
 
Assange & Snowden
Assange & SnowdenAssange & Snowden
Assange & Snowden
 
Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)Snowden's NBC (Anons vs. GCHQ)
Snowden's NBC (Anons vs. GCHQ)
 
Alumni from snowden
Alumni from snowdenAlumni from snowden
Alumni from snowden
 
Edward joseph snowden
Edward joseph snowdenEdward joseph snowden
Edward joseph snowden
 
Snowden creates new headache Arise Roby
Snowden creates new headache Arise RobySnowden creates new headache Arise Roby
Snowden creates new headache Arise Roby
 
Take Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden WorldTake Back Control in a Post-Snowden World
Take Back Control in a Post-Snowden World
 
Snowden-final-report-for-publication
Snowden-final-report-for-publicationSnowden-final-report-for-publication
Snowden-final-report-for-publication
 
Keeping your files safe in the post-Snowden era with SXFS
Keeping your files safe in the post-Snowden era with SXFSKeeping your files safe in the post-Snowden era with SXFS
Keeping your files safe in the post-Snowden era with SXFS
 
From Orwell to Snowden
From Orwell to SnowdenFrom Orwell to Snowden
From Orwell to Snowden
 
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
Reigning in the Data (FOSSCON 2014) - Ephemeral Messaging and Privacy In Post...
 
Treason or Loyalty? Ethics and Edward Snowden
Treason or Loyalty? Ethics and Edward SnowdenTreason or Loyalty? Ethics and Edward Snowden
Treason or Loyalty? Ethics and Edward Snowden
 
Mass Internet Surveillance: The Snowden Case
Mass Internet Surveillance: The Snowden CaseMass Internet Surveillance: The Snowden Case
Mass Internet Surveillance: The Snowden Case
 
EY Snowden - Mobile Transforming Retail
EY Snowden - Mobile Transforming RetailEY Snowden - Mobile Transforming Retail
EY Snowden - Mobile Transforming Retail
 
Snowden as whistleblower - Future of Privacy Forum
Snowden as whistleblower - Future of Privacy ForumSnowden as whistleblower - Future of Privacy Forum
Snowden as whistleblower - Future of Privacy Forum
 
British Newspaper Coverage of State Surveillance and the Edward Snowden Revel...
British Newspaper Coverage of State Surveillance and the Edward Snowden Revel...British Newspaper Coverage of State Surveillance and the Edward Snowden Revel...
British Newspaper Coverage of State Surveillance and the Edward Snowden Revel...
 

Similar a Privacy post-Snowden

The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUD
Resilient Systems
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal Perspectives
DrSamsonChepuri1
 

Similar a Privacy post-Snowden (20)

Internet freedom: a comparative assessment
Internet freedom: a comparative assessmentInternet freedom: a comparative assessment
Internet freedom: a comparative assessment
 
4482LawEthics.ppt
4482LawEthics.ppt4482LawEthics.ppt
4482LawEthics.ppt
 
1º Palestra sobre Proteção de Dados Pessoais
1º Palestra sobre Proteção de Dados Pessoais1º Palestra sobre Proteção de Dados Pessoais
1º Palestra sobre Proteção de Dados Pessoais
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Communications Privacy and the State
Communications Privacy and the StateCommunications Privacy and the State
Communications Privacy and the State
 
Will the GDPR Kibosh EU-US Discovery?
Will the GDPR Kibosh EU-US Discovery? Will the GDPR Kibosh EU-US Discovery?
Will the GDPR Kibosh EU-US Discovery?
 
Communications data retention in an evolving Internet
Communications data retention in an evolving InternetCommunications data retention in an evolving Internet
Communications data retention in an evolving Internet
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
The Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUDThe Patriot Act and Cloud Security - Busting the European FUD
The Patriot Act and Cloud Security - Busting the European FUD
 
Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)Introduction privacy and drones130902.pptx (alleen lezen)
Introduction privacy and drones130902.pptx (alleen lezen)
 
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
 
Digital Repression and Techno-Authoritarianism
Digital Repression and Techno-AuthoritarianismDigital Repression and Techno-Authoritarianism
Digital Repression and Techno-Authoritarianism
 
CYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal PerspectivesCYBER SECURITY :Cyber Law – The Legal Perspectives
CYBER SECURITY :Cyber Law – The Legal Perspectives
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
FINAL REPORT
FINAL REPORTFINAL REPORT
FINAL REPORT
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
 
CYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdfCYBOK: Law and Regulation webinar slides.pdf
CYBOK: Law and Regulation webinar slides.pdf
 
Computer forensics law and privacy
Computer forensics law and privacyComputer forensics law and privacy
Computer forensics law and privacy
 
International Cybercrime (Part 1)
International Cybercrime (Part 1)International Cybercrime (Part 1)
International Cybercrime (Part 1)
 
Policies and Law in IT
Policies and Law in ITPolicies and Law in IT
Policies and Law in IT
 

Más de blogzilla

Regulating code
Regulating codeRegulating code
Regulating code
blogzilla
 

Más de blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managers
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Trust in the Cloud
Trust in the CloudTrust in the Cloud
Trust in the Cloud
 
Can the law control Digital Leviathan?
Can the law control Digital Leviathan?Can the law control Digital Leviathan?
Can the law control Digital Leviathan?
 
Regulating code
Regulating codeRegulating code
Regulating code
 
Data protection redress in the UK
Data protection redress in the UKData protection redress in the UK
Data protection redress in the UK
 
Digital freedoms in international law
Digital freedoms in international lawDigital freedoms in international law
Digital freedoms in international law
 
Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?Exceptions & Limitations in Copyright or Systemic Overhaul?
Exceptions & Limitations in Copyright or Systemic Overhaul?
 
Privacy attitudes, incentives and behaviours
Privacy attitudes, incentives and behavioursPrivacy attitudes, incentives and behaviours
Privacy attitudes, incentives and behaviours
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Último (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 

Privacy post-Snowden

  • 1. PRIVACY POST-SNOWDEN Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
  • 2.
  • 3.
  • 4. Implants in the supply chain
  • 5.
  • 6.
  • 7.
  • 8.
  • 9. International law and politics • International Covenant on Civil and Political Rights §17 and §19 and their interpretation by the UN Human Rights Committee, UN High Commissioner for Human Rights, and UN Special Rapporteurs (on Freedom of Opinion and Expression; on the promotion and protection of human rights and fundamental freedoms while countering terrorism; on human rights and transnational corporations) • Regional treaties, esp. Eur. Conv. on Human Rights §8 and EU Charter of Fundamental Rights §§7-8 • How to make transparent, let alone improve, bi- and multi-lateral intelligence sharing agreements?
  • 10. United Nations • General Assembly: “Calls upon all States…To review their procedures, practices and legislation regarding the surveillance of communications, their interception and the collection of personal data, including mass surveillance, interception and collection, with a view to upholding the right to privacy by ensuring the full and effective implementation of all their obligations under international human rights law” (A/RES/68/167) • HR Cmtte: Concluding Observations on USA (2014). Inter-State complaint? (Scheinin) • IGF 2014: “Civil society managed to get many of these issues on the conference’s agenda but governments chose to ignore them.” -Sherif Elsayed-Ali, Deputy Director of Global Issues at Amnesty International
  • 11. UN High Commissioner for HR • “Even the mere possibility of communications information being captured creates an interference with privacy, with a potential chilling effect on rights” §20 • “overarching principles of legality, necessity and proportionality” §23 • “secret rules and secret interpretations – even secret judicial interpretations – of law do not have the necessary qualities of “law” §29 • “sharing of data between law enforcement agencies, intelligence bodies and other State organs risks violating article 17” §27 • “Governments have operated a transnational network of intelligence agencies through interlocking legal loopholes, involving the coordination of surveillance practice to outflank the protections provided by domestic legal regimes. Such practice arguably fails the test of lawfulness” §30
  • 12. UN High Commissioner for HR • “States have also failed to take effective measures to protect individuals within their jurisdiction…in breach of their own human rights obligations.” §30 • “digital surveillance therefore may engage a State’s human rights obligations if that surveillance involves the State’s exercise of power or effective control in relation to digital communications infrastructure, wherever found, for example, through direct tapping or penetration of that infrastructure. Equally, where the State exercises regulatory jurisdiction over a third party that physically controls the data, that State also would have obligations under the Covenant. If a country seeks to assert jurisdiction over the data of private companies as a result of the incorporation of those companies in that country, then human rights protections must be extended to those whose privacy is being interfered with, whether in the country of incorporation or beyond.” §34
  • 13. UN GGE A/68/98 (24 June 2013) • “international law and in particular the United Nations Charter, is applicable and is essential to maintaining peace and stability” • “States must meet their international obligations regarding internationally wrongful acts attributable to them” • “Recommendations on voluntary measures to build trust, transparency and confidence, as well as international cooperation to build capacity for ICT security” • New GGE held first meeting in New York in July 2014, and elected Brazil as the Chair. Three more meetings in 2015
  • 14. Council of Europe and EU • CoE Convention 108: • 7 States Parties do not apply Convention to State security (Andorra, Ireland, Latvia, Malta, Romania, Russia, Macedonia) • Modernised Convention does not allow this §3(2)(a) scope limit • Cybercrime Convention §32 • US-EU umbrella DP agreement • Accounting and Transparency Directives • Recent cases: • ECtHR: Big Brother Watch and ors v UK, App. No. 38170/13; Bernh Larson Holdings v Norway, App. No. 24117/08; Privacy International v UK • CJEU: Digital Rights Ireland Ltd v Minister for Communications, Marine and Natural Resources & Ors C-293/12 and Kärntner Landesregierung, Michael Seitlinger, Christof Tschohl and others, C 594/12 • 1 BvR 370/07 and 1 BvR 595/07: breaching const. right to IT-security requires factual evidence indicating a specific threat to an outstanding and overriding legal interest, such as threats to the life or freedom of an individual, or threats concerning the fundamentals or existence of the state + judicial authorisation
  • 15. Data localisation • German interior minister: “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.” • Snowden: “you should never route through or peer with the UK” • Brazil & Russia – considered or passed laws requiring citizens’ data held within country. Digital Rights Ireland and Art 29 WP on retained communications data • Regional data centres – but limited impact given expansive American jurisdiction (In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp., No. 13-MJ-2814-UA, SDNY 28 Aug. 14) • Norwegian domains .sj and .bv
  • 16. Renewed focus on encryption • Storage encryption using client-held keys is relatively straightforward – e.g. SpiderOak • Homomorphic encryption in the cloud? • End-to-end encrypted peer-to-peer systems • Verifiable?
  • 17. Conclusion • International law is (slowly) being strengthened – perhaps not at the scale that will effectively protect privacy against SIGINT agencies (ideas of optional ICCPR Protocol or even new General Comment 16 seem to have faded) • Cybersecurity norms are up for grabs • IANA and ICANN in some senses a sideshow, aside from leverage against US, although play important role concerning WHOIS, and potentially DNSSEC, RPKI, and more broadly as a fulcrum for transnational enforcement • Much greater attention to information security a pre-condition for raising cost of mass surveillance beyond the great (Internet) powers – IETF role

Notas del editor

  1. http://www.economist.com/news/world-week/21599834-kals-cartoon?fsrc=scn/tw_ec/kals_cartoon
  2. http://www.bloomberg.com/news/2013-06-14/u-s-agencies-said-to-swap-data-with-thousands-of-firms.html
  3. http://electrospaces.blogspot.co.uk/2013/11/five-eyes-9-eyes-and-many-more.html
  4. Intelligence protocol to CoE Convention 108, or interpretations of ICCPR/regional human rights treaties? MLATs? UKUSA amendment? http://www.un.org/en/ga/search/view_doc.asp?symbol=A/RES/68/167
  5. http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf
  6. http://www.ohchr.org/EN/HRBodies/HRC/RegularSessions/Session27/Documents/A.HRC.27.37_en.pdf
  7. http://www.un.org/en/ecosoc/cybersecurity/maurer-cyber-norm-dp-2011-11.pdf http://www.un.org/disarmament/topics/informationsecurity/ http://www.un.org/ga/search/view_doc.asp?symbol=A/68/98
  8. Intelligence protocol to CoE Convention 108, or interpretations of ICCPR/regional human rights treaties? MLATs? UKUSA amendment? http://www.conventions.coe.int/Treaty/Commun/ListeDeclarations.asp?NT=108&CM=1&DF=07/09/2014&CL=ENG&VL=1 http://tech.transparency-initiative.org/with-milestone-u-k-announcement-eu-disclosure-laws-speeding-toward-reality/ http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:182:0019:0076:EN:PDF http://www.twobirds.com/en/news/articles/2008/german-constitutional-court-creates-a-new-fundamental-it-privacy-right
  9. https://www.opendemocracy.net/håkon-wium-lie/net-names-for-safe-shelter Svalbard and Jan Mayen (.sj) and Bouvet Island