Beyond the security paradox: Ten criteria for a socially informed security policy:
Summary (4 min read)
Introduction
- Over the past twenty years, but especially since 9/11, security policies in western societies have increasingly adopted pre-emptive measures which are reliant on SurveillanceOriented Security Technologies .
- The present article tries to overcome these shortcomings by applying an adapted version of a specific type of public engagement method, the citizen summit (Bedsted et al. 2011).
- Furthermore, in spite of producing more evidence of a security paradox (Eurobarometer 2015) the qualitative methods deployed by the paper demonstrate that there is more to be understood in relation to citizen assessments of SOSTs.
- From the analysis of the qualitative data gathered across the twelve citizen summits, a set of common criteria emerged.
Normative criteria
- The acceptability of SOSTs was often linked to the normative context in which the technologies are operated.
- National and international regulations, transparency and private-public separation were fundamental criteria used by the large majority of participants to say how SOSTs should be managed.
International legal framework
- Regulation is still seen by citizens as a powerful mechanism to ensure that technological risks are contained and managed (Falkner 2012).
- International laws are considered necessary to limit the sovra-national ubiquitous, digital surveillance.
- Specific laws should also be introduced to reduce massive surveillance and limit the impact of SOSTs beyond national borders: “the authors need a new and international legal frameworks.. it is important.. and even more an oversight body that could intervene if someone broke the law when using deep packet inspection in an illegal way” [Norwegian National Report, p.17].
- Given the global nature of security threats and security strategies, the national fragmentation of regulations and data protection authorities was perceived as an obstacle to both security strategies and data protection 7: “Legal guarantees should safeguard citizens' rights in the entire EU region.
- A body at a EU-level must give out licenses to set up surveillance cameras, oversee accountability, and protection of personal data” [Recommendation, Hungarian Citizen Summit].
Transparency and accountability
- Many participants perceived that SOSTs are used in situations in which information, transparency and responsibility are poor or missing.
- They suggested that SOSTs should only be introduced after providing detailed and accessible information about operation modes, operators, rules, domains and purposes to the public: “the use of SOSTs is opaque, responsible authorities are not known to the public.
- Several groups made a concrete suggestion to create a “My page”, where one can see a list of everyone who have stored your personal data, and a log of when it is used.
- Such action would help ensure that clear responsibilities could be identified when things go wrong: “Transparency here is absolutely essential: people want to know what data are being collected, who is responsible for them and what purposes they are intended for” [Swiss National Report, p. 36].
- Furthermore, surveillance technologies should only be used when it is necessary: “evidence is needed before initiating surveillance and greater transparency from companies and authorities on what the surveillance is used for” [Recommendation, Danish Citizen Summit].
Public-private separation
- Transparency of operations and international regulations were deemed crucial but not sufficient requirements.
- The involvement of private actors in security operations and in the management and use of SOSTs generated particular anxiety (Zedner, 2006).
- They suggested the establishment of such bodies on an international or European level 8 [Norwegian National Report, p. 26].
- The outsourcing of the security function to private firms was considered especially problematic: “No security services should be outsourced to private companies!” [Postcard, UK Citizen Summit].
- In circumstances where the involvement of private actors is absolutely necessary, stricter requirements were considered necessary to ensure transparency and accountability.
Data protection criteria
- Characterised by high 8 Effectively, European and National security agencies have to comply with the new European Directive on Data Protection (2016).
- Level of secrecy, they considered necessary to inform the public about how security agencies operate and respect people’s rights.
- Information on how data protection rights, for instance, are safeguarded during police investigation can help diminish citizens’ concerns about the data privacy.
- The purpose and conditions under which people’s data were processed in security investigations represented a very relevant and controversial theme.
- Blanket surveillance was especially criticised not only for its impact on privacy and human rights, but also for its effectiveness.
Notice and consent
- A major source of concern for all participants was the fact of not being aware of being a subject of surveillance.
- When opt-in frameworks are not viable, notification about when, and for what purpose, surveillance is operated needs to be given to help people become aware of these practices.
- “Active information obligation for data collectors, public and private, means the citizen is not required to make a demand but rather that who collects data should be obliged to inform the concerned person; what is stored, how long and why at all!.
- When the retrieval of personal data is required for security reasons, citizens considered they should be notified and have the right to access, modify, or have their data removed after the investigation ends.
Purpose limitation
- SOSTs should not be used for operating mass government surveillance, but only for targeting clearly defined threats and within the scope of specific investigations.
- “Participants argued towards more control of surveillance activities and the demand for justified reasons for surveillance in order to target real suspects and criminals instead of the general public” [Austria National Report, p.33].
- Mass surveillance was considered detrimental as it undermines citizens’ perceived safety and their trust in security operators.
- “By vast dragnet surveillance activities of governmental institutions, the trust in the state would get undermined because citizens perceive themselves subjected to a blanket suspicion.
- Broad surveillance measures involving large parts of the population are seen as disproportionate function or mission creep” [German National Report, p.31].
Data collection limitation
- Concerns were expressed on the type of data gathered.
- Some types of data, such as those related to location or bodily appearance, were considered less sensitive than others, such as those related to personal communication.
- Whenever possible, it was argued, security actions should target the least sensitive data in the least sensitive spaces, as this comment reveals: “[a]t some tables participants expressed that they found location as a less sensitive type of data than for example the content of their communication, which can be accessed through deep packet inspection” [Norway National Report p. 28].
- Thus, the implementation of basic data management norms, such as EU data protection principles, was recognised by citizens as an important criterium determining the acceptability of SOSTs.
- “We need clear rules concerning the limits on use and collection of personal data by technological means.the authors.
Technology deployment criteria
- Concerns about the ways in which technologies are designed and deployed were also addressed by citizens.
- The cost of developing and implementing new surveillance devices was a highly relevant issue, which was discussed in conjunction with themes related to alternative security measures and solutions to complement or improve SOSTs, such as the adoption of privacy-by-design principles in the design phase.
Cost-effectiveness
- Since tax payers’ money is involved in the acquisition and deployment of SOSTs, it is not surprising that participants wanted to receive more information about the appropriateness, costs and impact of SOSTs: “I have no problems with smart CCTV but the use of it, the running costs, the legitimacy and the effectiveness of it needs to be carefully monitored.
- And the watchers made accountable” [Postcard, UK Citizen Summit].
- As most of these technologies are developed, implemented and operated by public institutions, the presentation of exhaustive cost-benefit analyses was considered absolutely necessary—.
- Very concerned about the future” (UK postcard).
- Others pointed out that SOSTs need to be supervised and operated by qualified staff—“maintaining the human factor, that is to say, not replacing humans for robots in processes and their uses” (Spanish recommendation).
Alternative security approaches
- In designing new security solutions, social, cultural and economic causes of crime and terrorism should never be forgotten (UN, 2007), and humans should be considered part of the solutions, not only part of the problem—in terms of, for example, criminals or suspects.
- Participants also suggested that SOSTs should be used to support, not to replace, the work of human operators.
- Right to access, modify and delete data … they allow monitored individuals to access, modify and remove their own data.
- Whilst their purposes may change, these changes need to be explicitly discussed and publicly approved.
- Non-technological alternatives and security measures not based on surveillance … they work and operate in combination with non-technological measures and social strategies addressing the social and economic causes of insecurity.
5. Conclusion
- Increasing reliance on security policies that use SOSTs has sparked lively debate about their acceptance.
- DREWER, D. Europol’s data protection framework as an asset in the fight against cybercrime.
- Engaging with science and technology in contemporary Europe, also known as Public deliberation and governance.
- The European Union and the securitization of migration.
Did you find this useful? Give us your feedback
Citations
665 citations
15 citations
15 citations
Cites background from "Beyond the security paradox: Ten cr..."
...…for informed consent procedures, such an approach can help us follow the process of production of knowledge and its being sustained in a particular set of attitudes within a collective (as show Veenstra and Burnett (2014) for health practices, Pavone et al. (2017) for security practices)....
[...]
...On the other hand, the demand for security necessarily enhances the role of trust in the experts (as shown also by Pavone et al., 2017)....
[...]
11 citations
References
5,480 citations
"Beyond the security paradox: Ten cr..." refers methods in this paper
...The data were analysed using thematic data analysis, which is a flexible method for identifying, analysing and reporting themes within qualitative data (Marshall and Rossman, 2011)....
[...]
1,207 citations
1,085 citations
"Beyond the security paradox: Ten cr..." refers background in this paper
...They also have a role in producing new and socially responsible knowledge that can underpin innovation (Owen et al., 2012), governance (Macnaghten and Chilvers, 2014) and policy-making (Hagendijk and Irwin, 2006; Jasanoff, 2003)....
[...]
1,044 citations
"Beyond the security paradox: Ten cr..." refers background in this paper
...…that new holistic security policies suffer from a democratic deficit (Eriksen et al., 2003; Tonra, 2011; Zwolski, 2012); they also tend to reduce democratic scrutiny in other policy domains by framing social problems as security problems (Balzacq, 2008, 2010; Huysmans, 2000, 2006; Loader, 2002)....
[...]
1,004 citations
"Beyond the security paradox: Ten cr..." refers background in this paper
...However, they have also been criticised as the data gathered are often not sufficiently robust to feed scientific research and guide policy development (Sturgis, 2014; Sturgis and Allum, 2004)....
[...]
Related Papers (5)
Frequently Asked Questions (12)
Q2. What are the future works in "Indicative version: do not cite without permission from the authors beyond the security paradox: ten criteria for a socially informed security policy" ?
The future of science governance: publics, policies, practices. Failure to collectively assess surveillance-oriented security technologies will inevitably lead to an absolute surveillance society. The potential of public participation to facilitate infrastructure decision-making: Lessons from the German and European legal planning system for electricity grid expansion.
Q3. What were the main criteria used by the participants to say how SOSTs should be managed?
National and international regulations, transparency and private-public separation were fundamental criteria used by the large majority of participants to say how SOSTs should be managed.
Q4. What are the main reasons why new security policies have been criticized?
New security policies have particularly encouraged pre-emptive security measures, enacted through the development of data-intensive security technologies and public-private security collaboration.
Q5. What are the implications of SOSTs for democracy?
As a result of the increasing surveillance and of the progressive restriction of civil rights triggered by pre-emptive security polices based on SOSTs, several scholars have warned about the implications for democracy and for personal privacy.
Q6. How many European citizens consider that security policies have been restricted?
the majority of European citizens (55 percent) consider that fundamental rights and freedoms have been restricted as a result of current security policies.
Q7. What is the role of the public in the social appraisal of technology?
Utilities Policy, 42, 64-73.STIRLING, A. 2008. “Opening up” and “closing down” power, participation, and pluralism in the social appraisal of technology.
Q8. What was the common view of privacy in the three countries?
Participants in Switzerland, Germany and Austria tended to frame privacy as a right to be left alone, as expressed by a note-taker in Germany: “citizens feel a chilling effect on their behaviour, deriving from the wish to be left alone.
Q9. What was the idea of privacy-preserving SOSTs mentioned in the Nordics?
The idea of privacy-by-design (Cavoukian, 2011) was mentioned as a possible solution to design privacy-preserving SOSTs and, thus, protect citizens’ privacy: “the concept of “privacy by design” was mentioned, hoping that future technology developers would use their knowledge to increase privacy, instead of increasing surveillance” [Norway National Report, p. 23].
Q10. What is the purpose of the paper?
Through the adoption of an adapted version of the citizen summit methodology,this paper analyses the multiple ways in which citizens interpret security and privacy and assess and evaluate SOSTs.
Q11. What is the impact of SOSTs on the civil and political rights of citizens?
As new SOSTs facilitate the collection, storage, processing and combination of personal data by security agencies and commercial organizations, their impact on established civil and political rights (Friedewald et al., 2010), social sorting (Strauß and Nentwich, 2013, Lyon, 2007a), and on individual privacy (Lyon, 2002) 1 has been criticized.
Q12. What are the limitations of the study?
Despite these limitations, their study makes an important contribution to shed light on citizens’ perceptions of SOSTs and confirms the important role that participative exercises can play in increasing their understanding of how people frame complex policy issues.