Thursday, August 31, 2006

Academic workshop on privacy at ECPR in Helsinki, May 2007

My ongoing academic interest in questions of the politics and governance of privacy has led me to team up with my colleague Charles Raab of Edinburgh University, one of the leading experts on the subject. Together we have developed the program for a workshop to be held at the next annual meeting of the European Consortium for Political Research (the European level political science association which, however, accepts departments from around the world for membership).

Charles was a pioneer in directing a workshop on the topic at ECPR some 25 years ago, so for him it is a coming back. Next year, our workshop will focus on "Privacy and Information: Modes of Regulation". We are interested in how recent technological developments — that increased personal data massively and made them cheaply storable and transferable — have challenged and altered the political regulation of privacy around the world. Issues such as biometrical passports, the establishment of DNA databases, the use of CCTV cameras in public space, and the use of RFID chips have spawned political debates in many countries as well as theoretical reflection.

We hope to attract good proposals from colleagues around the world who work on the issues of privacy and information policy from either a theoretical or empirical perspective, and we look forward to meeting with them and discussing their and our work in May next year.

You can find the leaflet with the detailed information and workshop abstracts here. If you are interested and have questions, feel free to contact me!

Technorati Tags: ,

Friday, August 25, 2006

Legal expertise: surrender of SWIFT financial data violated German and European data protection laws

After 9/11, the U.S. administration obtained massive amounts of data about financial transactions worldwide from a Belgian cooperative named SWIFT for the purpose of tracking terrorist financial flows (see a previous blog entry). Now a German data protection agency has published a legal opinion arguing that the surrender of the data to American authorities violated both German and European level data protection laws.

The agency in question is the "Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein" or ULD, an independent data protection agency in one of Germany's 16 federal states, operating under public law and acting as a promoter, protector, and auditor of data protection standards. It has long been at the forefront of the public debate on data protection issues in Germany (see its website here, in German language).

ULD argues that SWIFT (the Society for Worldwide Interbank Financial Telecommunication) acts as subcontractor to German (and other) banks who are therefore obliged to force SWIFT not to pass its data on to unauthorized others. Specifically, data concerning intra-European financial transactions must not be mirrored to SWIFT branches in the United States. ULD has asked German banks to report by the end of September about measures they have undertaken to fulfill their obligations.

The expert opinion can be found here (in German language).

In European business papers, concerns had been expressed that the data transmitted to the United States might be used for purposes of industrial espionage (see the German daily Handelsblatt report on 11 July 2006 here and the Austrian daily Die Presse on the same day here). The European Parliament on 6 July 2006 passed a resolution warning against such misuse of the data and strongly criticizing the U.S. action (see also here).

Technorati Tags: ,

Tuesday, August 08, 2006

If you're looking for a contract killer, use Google, not AOL…

…seems to be the lesson of the latest hiccup concerning data privacy on a big scale. What has happened?

As is widely reported (see the stories in the New York Times, on slashdot, or CNET), AOL released the search data of 658000 users on the internet — 20 mio searches done in the March to May 2006 period, or 0.3 per cent of all searches, overall 2 Gigabyte of data. While AOL user names have not been included, users have a unique identifier which makes it possible to identify the searches submitted by the same user. And since many people submit search terms that gives clues to their identity (so-called "vanity searches", e.g. for their own name, firm, or city), it may be possible to identify some of them.

This may be highly embarrassing, because many people are submitting searches for such unsavoury things as drugs, child porn, or a contract killer for their wife. Or they may reveal deep trouble — see some examples here.

Why has AOL published these data? For research purposes, and not for commercial use. Will spammers keep to these terms? You bet... Apparently the company now regards it as a mistake. The data were taken from the web and the spokesman has apologized.

Some interesting background: last August, the US administration subpoenaed AOL, Yahoo and Google for user data. But of the three companies, only Google chose to fight that order in the courts and won, earning lots of reputational brownie points on the way. So, are user's search data safer with Google than with AOL? Only time will tell.

The case, in my view, has the potential to be scandalized -- both by US lawmakers intent on regulating the internet more to fight evil use of it, and by civil rights campaigners who may call for European style data protection legislation regulating private sector use of data. But it could also spark new rows between the European Union and the US about data privacy.

Update: A website through which you can search and analyse the AOL user data has been set up for example here (there are also several others), and The New York Times has the story how they traced one of the users here. How did they find her? She had repeatedly looked for specific places in a small town in Georgia, searched for a name (which turned out to be also hers), and when asked by a reporter who had tracked her down admitted that the searches were hers. “My goodness, it’s my whole personal life,” she said. “I had no idea somebody was looking over my shoulder”, the NYT quotes her as saying.

Technorati Tags: ,