Constitutions and tussles in cyberspace


Published on

Can and should we design in constraints upon government power to technologies such as the Internet?

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Constitutions and tussles in cyberspace

    1. 1. Constitutions and tussles in cyberspace Dr Ian Brown Oxford Internet Institute University of Oxford
    2. 2. Overview <ul><li>Tussles and human rights </li></ul><ul><li>The effectiveness of constitutions as design-time constraints </li></ul><ul><li>Designing for privacy </li></ul><ul><li>Protecting free speech </li></ul>
    3. 3. Government privacy tussles <ul><li>If data can be collected about individuals, there will be government pressure to store, enhance and access that information </li></ul><ul><li>E.g. PATRIOT Act National Security Letters, NSA activities within the US, EU data retention directive, National DNA Database </li></ul><ul><li>Encryption is no protection if governments can compel decryption by third parties </li></ul>
    4. 4. Govt censorship tussles <ul><li>US Communications Decency Act of 1996; Child Online Protection Act of 1998 </li></ul><ul><li>UK Internet Watch Foundation and CleanFeed </li></ul><ul><li>Australia planning to block access to sites “unsuitable for children” and “unsuitable for adults” </li></ul><ul><li>Great Firewall of China </li></ul><ul><li>Disconnecting Burma </li></ul>Flickr user racoles (2007)
    5. 5. Key constitutional protections Reaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world: … §8 Everyone has the right to respect for his private and family life, his home and his correspondence §9 Everyone has the right to freedom of thought, conscience and religion §10 Everyone has the right to freedom of expression §11 Everyone has the right to freedom of peaceful assembly and to freedom of association with others (ECHR, 1950) extending the ground of public confidence in the Government, will best insure the beneficent ends of its institution… I: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated (US Bill of Rights, 1791)
    6. 6. Constitutional enforcers <ul><li>“ the blanket and indiscriminate nature of the powers of retention of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences … fails to strike a fair balance between the competing public and private interests … Accordingly, the retention at issue constitutes a disproportionate interference with the applicants' right to respect for private life and cannot be regarded as necessary in a democratic society.” S. & Marper v UK (ECtHR Nos 30562/04 and 30566/04, 2008) </li></ul><ul><li>“ As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion…just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects.” ACLU v. Reno , 929 F. Supp. 824 (E.D. Pa. 1996) </li></ul>
    7. 7. When constitutions fail <ul><li>“ There can be no doubt that the use of force protects the Nation's security and helps it achieve its foreign policy goals. Construing the Constitution to grant such power to another branch could prevent the President from exercising his core constitutional responsibilities in foreign affairs.” –OLC, 25.ix.01 </li></ul><ul><li>Prof. Doug Cassel: If the President deems that he’s got to torture somebody, including by crushing the testicles of the person’s child, there is no law that can stop him?
Prof. John Yoo: No treaty.
Cassel: Also no law by Congress. That is what you wrote in the August 2002 memo.
Yoo: I think it depends on why the President thinks he needs to do that. </li></ul>
    8. 8. Designing for privacy <ul><li>Data minimisation key: is your data really necessary? (Marsh, Brown and Khaki, 2008) </li></ul><ul><li>Limit personal data collection, storage, access and usage </li></ul><ul><ul><li>In particular, of persistant global identifiers such as IP addresses </li></ul></ul><ul><ul><li>Minimise middlebox plaintext access (Brown, 2001) and external observability (Stajano and Anderson, 1999) </li></ul></ul><ul><li>Users must also be notified and consent to the processing of data – user interfaces? </li></ul>Ade Rowbotham (2005)
    9. 9. Protecting free speech <ul><li>Regulate production and consumption rather than distribution – strengthen “mere conduit” and “actual knowledge” law (Brown, 2007) </li></ul><ul><li>Build replicated, highly redundant Content Distribution Networks with blind peers – encrypt data flows and caches (Anderson, 1996) </li></ul><ul><li>Minimise points of observation and control (Zittrain, 2006) </li></ul>
    10. 10. Conclusions <ul><li>“ Law enforcement was not supposed to be easy. Where it is easy, it's called a police state.” – Jeff Schiller, IETF Security AD (12.xii.1999) </li></ul><ul><li>“ Just as publication of the Bible challenged the abuses that had accreted over centuries of religious monopoly, so the spread of technical know-how destroyed the guilds. Reformation and a growing competitive artisan class led to the scientific and industrial revolutions, which have given us a better standard of living than even princes and bishops enjoyed in earlier centuries.” –R.J. Anderson (1996) </li></ul><ul><li>Build technologies that support European privacy law and US free speech law, and not vice versa </li></ul>
    11. 11. References <ul><li>R.J. Anderson. The Eternity Service. In 1st Intl. Conf. on the Theory and Applications of Cryptology, 1996 . </li></ul><ul><li>F. Stajano and R.J. Anderson. The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast . LNCS 1768, 1999 pp. 434—447. </li></ul><ul><li>I. Brown. End-to-end security in active networks . PhD thesis, UCL, 2001. </li></ul><ul><li>D. Clark, K. Sollins, J. Wroclawski, R. Braden. Tussle in Cyberspace: Defining Tomorrow's Internet . IEEE/ACM Transactions on Networking 13 (3), 2005 pp. 462—475. </li></ul><ul><li>J. Zittrain. A History of Online Gatekeeping. Harvard Journal of Law and Technology, 19(2), 2006 pp.253—298. </li></ul><ul><li>I.Brown. The law and economics of cybersecurity (Eds. Mark F. Grady and Francesco Parisi). Law Quarterly Review (123), 2007 pp.172—175. </li></ul><ul><li>S. Marsh, I. Brown, F. Khaki.  Privacy Engineering , Cybersecurity KTN, 2008. </li></ul><ul><li>I. Brown. Internet filtering — be careful what you ask for. In Kirca, S and Hanson, L. (eds.)  Freedom and Prejudice: Approaches to Media and Culture , Istanbul: Bahcesehir University Press, 2008 pp.74—91. </li></ul><ul><li>I. Brown. Regulation of Converged Communications Surveillance . In B. Goold and D. Neyland (eds.) New Directions in Privacy and Surveillance , Exeter: Willan, 2009 pp.39—73. </li></ul>