Presentation by Trilateral Research given at INSPEC2T's first Stakeholders Advisory Group and External Experts Group workshop, Vienna, November 2015 on the privacy and data security considerations for the design of the INSPEC2T system
Privacy & security considerations for social media policing system
1. 1st SAG / EEG Meeting, VICESSE, Vienna - Austria
INSPEC2T has received funding from the
European Union's Horizon 2020
research and innovation programme
under grant agreement No 653749
INSPEC2T System Security & Privacy Considerations
Rachel Finn
Trilateral Research, UK
INSPEC2T system security & privacy considerations
• Privacy and data security are key challenges for the optimal use of social media for community policing.
• This deliverable will ensure that the INSPEC2T system will follow a Security and Privacy by Design approach.
o This will include design, development and implementation phases.
• Data security and privacy will become integral to INSPEC2T priorities, objectives, design processes and planning operations by:
o Safeguarding information
o Ensuring consent of participants through transparency
o Respecting data protection and human rights
• Outcome – one of the main inputs for the design requirements of INSPEC2T and sets principles for assessment of INSPEC2T.
Community policing & social media
• Contextual background – law enforcement in the digital age
o Widespread adoption of social media has led to novel ways of community policing
o Police use social media to engage with citizens and include the public in law enforcement
o Allows for gathering of intelligence
o Many forces have a social media presence – e.g., in the UK, 98% of police forces have a corporate Twitter account with an average of 18,000 followers
Community policing & social media
• The privacy and security implications and challenges regarding the use of social media in community policing.
o Loss of control
o Potential for abuse
o Undermining public trust
Privacy and security by design
• “The philosophy and approach of embedding privacy directly into the design and operating specifications of information technologies and systems”
– Ann Cavoukian, Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era
• Achieved by building on principles of Fair Information Practices early in the development of the system.
• By building privacy into the design of the system at an early stage, public trust is enhanced.
Outline of the report
D2.3: Security and privacy considerations for the INSPEC2T system
• Identify relevant privacy and data security challenges
• Identify potential technical solutions and procedural safeguards to address these challenges
• Assess current police practice
• Make recommendations for the INSPEC2T system
Privacy & data security challenges
• Identifying data inaccuracies and measures to correct them
• Ensuring legitimate and proportional use (avoiding surveillance, function creep, etc.)
• Preventing data breaches
Challenges – Inaccuracies
• Following bomb in Bangkok, surveillance footage of suspected bomber released
• Australian actor and fashion blogger living in Bangkok incorrectly identified by Internet commentators
• Police interviewed him and searched his apartment for bomb making equipment
“[M]any social media outlets released my photo in Thailand saying that I was a suspected terrorist as looked like the suspect in question. All my private information from immigration was leaked online and people were looking for me – They even knew my home address.”
Challenges – Inaccuracies
• Boston Marathon Bombing – several mistakenly identified suspects
• Sunil Tripathi, whose body was eventually discovered
• “Bag men”, New York Post, who are currently pursuing a lawsuit against the paper
• This misinformation made it into the media, blogs and to individuals’ families and employers.
The inter-linkage between social media and crowdsourcing “led to images stripped of their context being passed around as though they were confirmed”. New Statesman, 19 April 2013.
Challenges - Proportionate and legitimate use
• Allowing local police to keep tabs on #gunfire, #meth, and #protest in their communities.
o Some criminals may tweet about their crimes, but many such tweets are not crime related – e.g., many #meth tweets relating to Breaking Bad
• Useful as a way to "listen in" on people who would not ordinarily be talking to police.
“Used well, such tools should make police departments more aware of both local problems and complaints about their own work. Used less than well, it can be a bit creepy, sort of on par with having a kid's uncle listen outside her bedroom during a slumber party. And used badly, it can make a nice tool for keeping an eye on critics/dissenters.”
- Nate Anderson, ‘How the Cops Watch your Tweets in Real Time’, arstechnica.com
Challenges - Proportionate and legitimate use
• SketchFactor – an app which would allow users to report having seen or experienced something “sketchy” in a particular location.
• These reports would then be geotagged and overlaid on a Google map, creating a ‘sketchiness’ map.
• The idea was to help urban walkers be more street-smart.
• But subject to criticism that race would be used to profile neighbourhoods as ‘sketchy’.
• After accusations of racism, the app never recovered.
Challenges – Data security
• In UK from 2007 – 2010: 904 police officers and staff subject to disciplinary procedures for breaching the Data Protection Act.
• Breaches ranged from minor rule-breaks on social media to serious allegations of misconduct leading to arrests.
Potential solutions
Data Security Solutions
• Data collection
o anonymity
o (unrestricted) collection and processing of personal and sensitive information
o informed consent
• Data processing
o authentication
o logging
o minimal granularity
o automated deletion routines
o data validation, etc.
• Data storage and access
o secure storage (physical and cyber-security)
o unauthorised access to or disclosure of data
o technical information security controls
Current police social media practice
Current data practices and privacy considerations in community policing
• What privacy issues are LEAs aware of?
• What privacy issues are LEAs attempting to address?
• What technologies are LEAs using?
• How are they using these technologies?
• What is working?
• What isn’t working?
Based on anonymised information collected from our project partners.
Recommendations
• Match the suggested solutions to the specific challenges raised
• Highlight what controls can be built into the design to protect privacy interests
• Highlight key findings and recommend steps that are required to manage privacy-related challenges in implementing the INSPEC2T platform
JOIN US
Thank you for your attention!
For more information please contact:
Rachel Finn – rachel.finn@trilateralresearch.com
Jo Simon – joanna.simon@trilateralresearch.com
Kush Wadhwa – kush.wadhwa@trilateralresearch.com
Editor's Notes
Janus-faced tool – two sides to the coin. Risks aren’t just for members of the public – also for the police. Media tends to focus only on risks to the public, police focus on risks to themselves – the reality is that it is both.
Cavoukian, ‘Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era’ in Yee, George, O.M., (2012) Privacy Protection Measures and Technologies in Business Organizations, ch 7.
http://thenextweb.com/opinion/2015/08/19/your-kitschy-fb-photos-dont-mean-shit/
Clear examples where both the police and members of the public lost control over information once it was posted on social media.