MAPPING: Magna Carta, Carte Blanche and "the mother of all challenges"
"The mother of all challenges: how to reconcile security with freedom". This was the proposition that opened the final round of discussions on internet governance and surveillance at the MAPPING Extraordinary General Assembly in Rome today. Any Magna Carta for internet use would have to address this, said the first speaker in this session, addressing due process as well as substantive provisions for the benefit of stakeholders -- but would this be sufficiently robust to protect the interests of those who needed protection? A commitment to export control for internet-related technologies was also needed, he added, citing an observation made by a participant at a recent conference that the Chinese Wall which insulated China's populace from the web at large was built with Western bricks.
The second speaker admired the first speaker's statement about reconciling security with freedom, but added that, in his opinion, the mother of all challenges was how to reconcile security not with freedom but with privacy. He then enumerated the elements that any Magna Carta would need. These included all the obvious and usual points, together with user notification (so that an individual can challenge surveillance upon him which he might not otherwise know about), transparency and integrity of security systems (so they should not contain "back doors" through which surveillance might be conducted).
The next speaker addressed reform proposals that had been discussed in the United States which, unsurprisingly, appeared to be having much the same problems as the rest of us. This speaker urged that not only data but metadata should be governed by the law and that distinctions between US and non-US citizens should be abolished since there is no legal or constitutional basis for them. The third party doctrine (that there is no expectation of privacy where data is held by a third person) should be scrapped too, since it's meaningless where we don't hold emails on our own computers but leave them with distant hosts.The National Security Agency (NSA) bulk data-gathering practices should be stopped since there is no evidence that they have brought any positive results. Protection of users' needs should not be left in third party hands either: companies like Google and Verizon have less interest in the protection of individuals' data than do those individuals themselves. Use of market forces was also worth trying: for example, Germany has said that it won't give work to companies that give data to the NSA.
The next speaker spoke of a "flurry of principles" caused by various bodies and organisations expressing their sentiments concerning control of surveillance and freedom of opinion and expression. Hearings have been held, proposals for data protection and routing made, legal proceedings have been commenced and diplomatic action initiated. In the long term there might be a formal agreement, but in the meantime there will be more of a consolidation of principles within the global community. Definitions must replace carte blanche as to what is necessary, what is proportional, what is justifiable.
At this point the Assembly was thrown open for discussion again. A tricky topic raised at this point was how to give people a trusted online identity that will enable people to trust that the person they are dealing with is indeed the person they think it is. The US National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative was a case in point. Another discussant suggested that there were times when identity is crucial, such as where a patient seeks medical help, and times when it may be undesirable, such as when a citizen is seeking information from a government.
Other topics discussed at this point included data retention as a surveillance issue, how to get Parliamentary involvement and the voluntary adoption of internet technical standards, whether the real danger to the internet was provided by organisations like the NSA or giant users like Google and Facebook and whether a piece of paper such as a governance treaty was sufficient when what was truly needed was a "G20".
The second speaker admired the first speaker's statement about reconciling security with freedom, but added that, in his opinion, the mother of all challenges was how to reconcile security not with freedom but with privacy. He then enumerated the elements that any Magna Carta would need. These included all the obvious and usual points, together with user notification (so that an individual can challenge surveillance upon him which he might not otherwise know about), transparency and integrity of security systems (so they should not contain "back doors" through which surveillance might be conducted).
The next speaker addressed reform proposals that had been discussed in the United States which, unsurprisingly, appeared to be having much the same problems as the rest of us. This speaker urged that not only data but metadata should be governed by the law and that distinctions between US and non-US citizens should be abolished since there is no legal or constitutional basis for them. The third party doctrine (that there is no expectation of privacy where data is held by a third person) should be scrapped too, since it's meaningless where we don't hold emails on our own computers but leave them with distant hosts.The National Security Agency (NSA) bulk data-gathering practices should be stopped since there is no evidence that they have brought any positive results. Protection of users' needs should not be left in third party hands either: companies like Google and Verizon have less interest in the protection of individuals' data than do those individuals themselves. Use of market forces was also worth trying: for example, Germany has said that it won't give work to companies that give data to the NSA.
The next speaker spoke of a "flurry of principles" caused by various bodies and organisations expressing their sentiments concerning control of surveillance and freedom of opinion and expression. Hearings have been held, proposals for data protection and routing made, legal proceedings have been commenced and diplomatic action initiated. In the long term there might be a formal agreement, but in the meantime there will be more of a consolidation of principles within the global community. Definitions must replace carte blanche as to what is necessary, what is proportional, what is justifiable.
At this point the Assembly was thrown open for discussion again. A tricky topic raised at this point was how to give people a trusted online identity that will enable people to trust that the person they are dealing with is indeed the person they think it is. The US National Strategy for Trusted Identities in Cyberspace (NSTIC) initiative was a case in point. Another discussant suggested that there were times when identity is crucial, such as where a patient seeks medical help, and times when it may be undesirable, such as when a citizen is seeking information from a government.
Other topics discussed at this point included data retention as a surveillance issue, how to get Parliamentary involvement and the voluntary adoption of internet technical standards, whether the real danger to the internet was provided by organisations like the NSA or giant users like Google and Facebook and whether a piece of paper such as a governance treaty was sufficient when what was truly needed was a "G20".