Oops! The input is malformed!
Originally published February 15, 2011
At some point any technology intersects public policy. Whenever a specific technology starts to have an impact on people, communities must decide what to do and a debate generally ensues. This is the way in which democratic societies make decisions on what courses of action to take —what measures to implement or procedures to put in place—in order to address the public issues that a technology eventually raises.
We have seen this happen again and again. Automotive technology led us to establish traffic laws, driver’s licenses and pollution standards. Telephony, electricity, and aviation have generated substantial governmental regulation as well.
We started debating what to do with respect to information technology even from the earliest days as it became evident that for all the positive things that IT enabled, it also had the potential—voluntarily or involuntarily—to harm individuals. In the early days it was about the impact of automation on jobs and the labor markets; that was followed by the discussion on computer crime. Now that we have been into IT for a period spanning seven decades, the debate has centered on privacy protection. Data mining in particular, as a key discipline with the potential for breaching individual privacy, has come under much scrutiny lately. A few months ago I reported about my participation in a conference in Zurich, Switzerland where I was asked to address that specific subject area. (See To Data Mine or Not to Data Mine in the Fight Against Terrorism)
Now DETECTER has held another meeting—its fourth—to focus on the policymaking aspects of the issue. You may recall from my earlier column that DETECTER is the Detection Technologies, Counter-Terrorism Ethics, and Human Rights project launched by the European Union (and coordinated by the Centre for the Study of Global Ethics at the University of Birmingham) to address the “ethical and legal ramifications of the use of various detection and surveillance technologies in counter-terrorist efforts.” There are seven academic institutions involved in DETECTER (Abo Academy University (Finland), University of Birmingham (UK), Danish Institute for Human Rights (Denmark), European University Institute (Italy), Norwegian Centre for Human Rights (Norway), Raoul Wallenberg Institute of Human Rights and Humanitarian Law (Sweden) and the University of Zurich (Switzerland).
This latest event was held in early November in Lund, a pleasant and beautiful university town in southern Sweden, very close to Malmo. Lund was chosen as the venue given that it is home to one of the DETECTER academic partners, the prestigious Raoul Wallenberg Institute.
While I was asked to discuss how public policy on these issues is made in the United States, I felt the more interesting topic was to understand the differences as well as the areas of common ground with which Europe and the U.S. approach the subject. This is important because there is currently an emerging tension that is growing between the U.S. and Europe precisely on public policy related to the use of IT for “homeland defense” considerations. Just a few weeks before the conference I had read two pieces in The Washington Post that underscore the issue. The first one was by former Assistant Secretary of the Department of Homeland Security, Stewart Baker, who wrote an editorial titled “How Europe puts America at risk,” (10/8/10). The other was Edward Cody’s article, “Armed with new treaty, Europe amplifies objections to U.S. data-sharing demands” (10/26/10). Clearly the gloves are off and the best of allies seem to be looking at the subject matter from a different perspective.
To me, the common ground is clear. Our 9/11 and Europe’s Madrid and London bombings have established a strong bond of blood and suffering between both sides of the Atlantic and a joint understanding about the need to identify and preempt future terrorist attacks. Our differences stem more from the ways and means to do it. Europeans seem to champion much more careful approaches with respect to the protection of privacy and human rights, while we are willing to push technology more aggressively into the effort. In both cases we are dealing with the application of information technology and the key legislation that regulates it is primarily around data and privacy protection. In this area, the Europeans are substantially ahead of us and have given privacy a higher value, in my opinion, than we have.
Don’t read this and walk away with the wrong impression that Americans don’t care about privacy and human rights. We certainly do, and the fact that our Bill of Rights—the first Ten Amendments of our Constitution—has served as the basis for most historical efforts to protect human rights around the world should be a strong indication. It is just that as a society, Europe appears to rank privacy higher with respect to other rights than we do.
The topic is certainly debated among the European themselves, as we saw in Lund. With executives from various European intelligence and security services present, as well as several European representatives to relevant United Nations bodies (e.g., UN Human Rights Committee and the UN Office on Drugs and Crime), lawyers, philosophers, technologists and businessmen, there was ample discussion on all sides of the issue. But Europeans start from the baseline of their legislation on data protection, which means they start from a different point than do Americans.
On the common ground side, the importance of maintaining intelligence and security operations under civilian and government control was shared. The Europeans provided many examples of policy approaches and procedures to accomplish this as well as historical anecdotes as counterexamples.
During my turn to lecture, I took the audience through a high-level review of policy making in the U.S. with respect to the use of “detection technologies” for counterterrorism purposes and how we protect against excesses through policy, regulation and legislation. Much of the discussion revolved on privacy but it started with the basics on the “security vs. civil liberties” debate and how it is historically shaped by the public’s views. We talked about how this debate has been present since the earliest days of the republic and that in times of war (or perceived external threats) the pendulum swings more toward security.
The Patriot Act gets a lot of attention from the Europeans but in fact there are a number of other statutes that have an important impact on that debate. Among them:
But we also talked about the Fair Information Practice Principles (FIPPs) and the role they played in some of the statutes and in shaping practice, especially in the Federal government.
Yet one of the more important differences between the E.U. and us is that most of our existing legislation on data protection is aimed exclusively at government and exempts the private sector. This opens the door for much exchange and controversy.
In any case, whether in the U.S. or the E.U., it is government that has the responsibility to keep the citizenry secure while bearing the brunt of the protests when the methods used are deemed too draconian in crowding civil liberties. And well it should, since ultimately we must remember the wise words of James Madison in Federalist Paper #51:
“If men were angels, no government would be necessary…In framing a government which is to be administered by men over men...oblige it to control itself.”
Recent articles by Dr. Ramon Barquin