Constitutions and tussles in cyberspace
-
Upload
ian-brown -
Category
Technology
-
view
3.325 -
download
1
description
Transcript of Constitutions and tussles in cyberspace
Constitutions and tussles in cyberspace
Dr Ian BrownOxford Internet Institute
University of Oxford
OverviewTussles and human
rights
The effectiveness of constitutions as design-time constraints
Designing for privacy
Protecting free speech
Government privacy tussles
If data can be collected about individuals, there will be government pressure to store, enhance and access that information
E.g. PATRIOT Act National Security Letters, NSA activities within the US, EU data retention directive, National DNA Database
Encryption is no protection if governments can compel decryption by third parties
Govt censorship tussles US Communications
Decency Act of 1996; Child Online Protection Act of 1998
UK Internet Watch Foundation and CleanFeed
Australia planning to block access to sites “unsuitable for children” and “unsuitable for adults”
Great Firewall of China
Disconnecting BurmaFlickr user racoles (2007)
Key constitutional protectionsReaffirming their profound belief in those fundamental freedoms which are the foundation of justice and peace in the world:…§8 Everyone has the right to respect for his private and family life, his home and his correspondence
§9 Everyone has the right to freedom of thought, conscience and religion
§10 Everyone has the right to freedom of expression
§11 Everyone has the right to freedom of peaceful assembly and to freedom of association with others (ECHR, 1950)
extending the ground of public confidence in the Government, will best insure the beneficent ends of its institution…
I: Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble
IV: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated (US Bill of Rights, 1791)
Constitutional enforcers “the blanket and indiscriminate nature of the powers of retention
of the fingerprints, cellular samples and DNA profiles of persons suspected but not convicted of offences…fails to strike a fair balance between the competing public and private interests…Accordingly, the retention at issue constitutes a disproportionate interference with the applicants' right to respect for private life and cannot be regarded as necessary in a democratic society.” S. & Marper v UK (ECtHR Nos 30562/04 and 30566/04, 2008)
“As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from governmental intrusion…just as the strength of the Internet is chaos, so the strength of our liberty depends upon the chaos and cacophony of the unfettered speech the First Amendment protects.” ACLU v. Reno, 929 F. Supp. 824 (E.D. Pa. 1996)
When constitutions fail “There can be no doubt that the
use of force protects the Nation's security and helps it achieve its foreign policy goals. Construing the Constitution to grant such power to another branch could prevent the President from exercising his core constitutional responsibilities in foreign affairs.” –OLC, 25.ix.01
Prof. Doug Cassel: If the President deems that he’s got to torture somebody, including by crushing the testicles of the person’s child, there is no law that can stop him?Prof. John Yoo: No treaty.Cassel: Also no law by Congress. That is what you wrote in the August 2002 memo.Yoo: I think it depends on why the President thinks he needs to do that.
Designing for privacy Data minimisation key: is your
data really necessary? (Marsh, Brown and Khaki, 2008)
Limit personal data collection, storage, access and usage In particular, of persistant global
identifiers such as IP addresses Minimise middlebox plaintext access
(Brown, 2001) and external observability (Stajano and Anderson, 1999)
Users must also be notified and consent to the processing of data – user interfaces? Ade Rowbotham (2005)
Protecting free speechRegulate production and consumption rather
than distribution – strengthen “mere conduit” and “actual knowledge” law (Brown, 2007)
Build replicated, highly redundant Content Distribution Networks with blind peers – encrypt data flows and caches (Anderson, 1996)
Minimise points of observation and control (Zittrain, 2006)
Conclusions “Law enforcement was not supposed to be easy. Where it is
easy, it's called a police state.” –Jeff Schiller, IETF Security AD (12.xii.1999)
“Just as publication of the Bible challenged the abuses that had accreted over centuries of religious monopoly, so the spread of technical know-how destroyed the guilds. Reformation and a growing competitive artisan class led to the scientific and industrial revolutions, which have given us a better standard of living than even princes and bishops enjoyed in earlier centuries.” –R.J. Anderson (1996)
Build technologies that support European privacy law and US free speech law, and not vice versa
ReferencesR.J. Anderson. The Eternity Service. In 1st Intl. Conf. on the Theory and Applications of
Cryptology, 1996.
F. Stajano and R.J. Anderson. The Cocaine Auction Protocol: On The Power Of Anonymous Broadcast. LNCS 1768, 1999 pp. 434—447.
I. Brown. End-to-end security in active networks. PhD thesis, UCL, 2001.
D. Clark, K. Sollins, J. Wroclawski, R. Braden. Tussle in Cyberspace: Defining Tomorrow's Internet. IEEE/ACM Transactions on Networking 13 (3), 2005 pp. 462—475.
J. Zittrain. A History of Online Gatekeeping. Harvard Journal of Law and Technology, 19(2), 2006 pp.253—298.
I.Brown. The law and economics of cybersecurity (Eds. Mark F. Grady and Francesco Parisi). Law Quarterly Review (123), 2007 pp.172—175.
S. Marsh, I. Brown, F. Khaki. Privacy Engineering, Cybersecurity KTN, 2008.
I. Brown. Internet filtering — be careful what you ask for. In Kirca, S and Hanson, L. (eds.) Freedom and Prejudice: Approaches to Media and Culture, Istanbul: Bahcesehir University Press, 2008 pp.74—91.
I. Brown. Regulation of Converged Communications Surveillance. In B. Goold and D. Neyland (eds.) New Directions in Privacy and Surveillance, Exeter: Willan, 2009 pp.39—73.