Governance & Security

As the cost and size of devices falls and network access becomes ubiquitous, it is evident that not only major industries but whole areas of consumption, public service and domestic life will be capable of being transformed.

The 2nd Annual Internet of Things Europe 2010: A Roadmap for Europe, 2010. Image by Pierre Metivier.

On 17 April 2013, the US Federal Trade Commission published a call for inputs on the ‘consumer privacy and security issues posed by the growing connectivity of consumer devices, such as cars, appliances, and medical devices’, in other words, about the impact of the Internet of Things (IoT) on the everyday lives of citizens. The call is in large part one for information to establish what the current state of technology development is and how it will develop, but it also looks for views on how privacy risks should be weighed against potential societal benefits. There’s a lot that’s not very new about the IoT. Embedded computing, sensor networks and machine to machine communications have been around a long time. Mark Weiser was developing the concept of ubiquitous computing (and prototyping it) at Xerox PARC in 1990.  Many of the big ideas in the IoT—smart cars, smart homes, wearable computing—are already envisaged in works such as Nicholas Negroponte’s Being Digital, which was published in 1995 before the mass popularisation of the internet itself. The term ‘Internet of Things’ has been around since at least 1999. What is new is the speed with which technological change has made these ideas implementable on a societal scale. The FTC’s interest reflects a growing awareness of the potential significance of the IoT, and the need for public debate about its adoption. As the cost and size of devices falls and network access becomes ubiquitous, it is evident that not only major industries but whole areas of consumption, public service and domestic life will be capable of being transformed. The number of connected devices is likely to grow fast in the next few years. The Organisation for Economic Co-operation and Development (OECD) estimates that while a family with two teenagers may have 10 devices connected to the internet, in 2022 this may well grow to 50 or more. Across the OECD area the number of…

Despite large investments of law enforcement resources, online child exploitation is nowhere near under control, and while there are numerous technological products to aid this, they still require substantial human intervention.

The Internet has provided the social, individual, and technological circumstances needed for child pornography to flourish. Sex offenders have been able to utilise the Internet for dissemination of child pornographic content, for social networking with other pedophiles through chatrooms and newsgroups, and for sexual communication with children. A 2009 estimate by the United Nations estimates that there are more than four million websites containing child pornography, with 35 percent of them depicting serious sexual assault [1]. Even if this report or others exaggerate the true prevalence of those websites by a wide margin, the fact of the matter is that those websites are pervasive on the world wide web. Despite large investments of law enforcement resources, online child exploitation is nowhere near under control, and while there are numerous technological products to aid in finding child pornography online, they still require substantial human intervention. Despite this, steps can be taken to increase the automation process of these searches, to reduce the amount of content police officers have to examine, and increase the time they can spend on investigating individuals. While law enforcement agencies will aim for maximum disruption of online child exploitation networks by targeting the most connected players, there is a general lack of research on the structural nature of these networks; something we aimed to address in our study, by developing a method to extract child exploitation networks, map their structure, and analyse their content. Our custom-written Child Exploitation Network Extractor (CENE) automatically crawls the Web from a user-specified seed page, collecting information about the pages it visits by recursively following the links out of the page; the result of the crawl is a network structure containing information about the content of the websites, and the linkages between them [2]. We chose ten websites as starting points for the crawls; four were selected from a list of known child pornography websites while the other six were selected and…

Investigating the relationship between Internet-based applications and data and the policy process.

We are pleased to present the combined third and fourth issue of Volume 4 of Policy and Internet. It contains eleven articles, each of which investigates the relationship between Internet-based applications and data and the policy process. The papers have been grouped into the broad themes of policy, government, representation, and activism. POLICY: In December 2011, the European Parliament Directive on Combating the Sexual Abuse, Sexual Exploitation of Children and Child Pornography was adopted. The directive’s much-debated Article 25 requires Member States to ensure the prompt removal of child pornography websites hosted in their territory and to endeavor to obtain the removal of such websites hosted outside their territory. Member States are also given the option to block access to such websites to users within their territory. Both these policy choices have been highly controversial and much debated; Karel Demeyer, Eva Lievens, and Jos Dumortie analyse the technical and legal means of blocking and removing illegal child sexual content from the Internet, clarifying the advantages and drawbacks of the various policy options. Another issue of jurisdiction surrounds government use of cloud services. While cloud services promise to render government service delivery more effective and efficient, they are also potentially stateless, triggering government concern over data sovereignty. Kristina Irion explores these issues, tracing the evolution of individual national strategies and international policy on data sovereignty. She concludes that data sovereignty presents national governments with a legal risk that can’t be addressed through technology or contractual arrangements alone, and recommends that governments retain sovereignty over their information. While the Internet allows unprecedented freedom of expression, it also facilitates anonymity and facelessness, increasing the possibility of damage caused by harmful online behaviour, including online bullying. Myoung-Jin Lee, Yu Jung Choi, and Setbyol Choi investigate the discourse surrounding the introduction of the Korean Government’s “Verification of Identity” policy, which aimed to foster a more responsible Internet culture by mandating registration of a user’s real…

While ‘cybercrime’ can be used to describe a range of undesirable conduct facilitated by networked technologies, it is not a legal term of art, and many so-called cybercrimes are not necessarily crimes as far as the criminal law is concerned.

Cybercrime is just one of many significant and challenging issues of ethics and public policy raised by the Internet. It has policy implications for both national and supra-national legislation, involving, as it may, attacks against the integrity, authenticity, and confidentiality of information systems; content-related crimes, and “traditional”: crimes committed using networked technologies.

While ‘cybercrime’ can be used to describe a wide range of undesirable conduct facilitated by networked technologies, it is not a legal term of art, and many so-called cybercrimes (such as cyber-rape and the virtual vandalism of virtual worlds) are not necessarily crimes as far as the criminal law is concerned. This can give rise to novel situations in which outcomes that feel instinctively wrong do not give rise to criminal liability. Emily Finch discusses the tragic case of Bernard Gilbert: a man whose argument over a disputed parking space led to his death, a police officer having disclosed Gilbert’s home address to his assailant. The officer was charged simply with the offence of disclosing personal data; the particular consequences of such disclosure being immaterial under English criminal law. Finch argues that this is unsatisfactory: as more personal information is gathered and available online, the greater the potential risk to the individual from its unauthorised disclosure. She advocates a two-tier structure for liability in the event that disclosure results in harm.

(more…)

The fact that data collection is now so routine and so extensive should make us question whether the regulatory system governing data collection, storage and use is fit for purpose.

Catching a bus, picking up some groceries, calling home to check on the children—all simple, seemingly private activities that characterise many people’s end to the working day. Yet each of these activities leaves a data trail that enables companies, even the state, to track the most mundane aspects of our lives. Add to this the range and quantity of personal data that many of us willingly post online on our blogs, Facebook walls or Google docs, and it is clear that the trail of digital footprints we leave is long and hard to erase. Even if in most cases, this data is only likely to be used in an anonymised and aggregated form to identify trends in transport or shopping patterns, or to personalise the Internet services available to us, the fact that its collection is now so routine and so extensive should make us question whether the regulatory system governing data collection, storage and use is fit for purpose. A forthcoming OII policy forum on Tracing the Policy Implications of the Future Digital Economy (16 Feb) will consider this question, bringing together leading academics from across several disciplines with policy-makers and industry experts. This is a topic which the OII is well-placed to address. Ian Brown’s Privacy Values Network project addresses a major knowledge gap, measuring the various costs and benefits to individuals of handing over data in different contexts, as without this we simply don’t know how much people value their privacy (or indeed understand its limits). The last Oxford Internet Survey (OxIS) rather surprisingly showed that in 2009 people were significantly less concerned about privacy online in the UK than in previous years (45% of all those surveyed in 2009 against 66% in 2007); we wait to see whether this finding is repeated when OxIS 2011 goes into the field next month. Our faculty also have much to say about the adequacy (or otherwise) of the regulatory framework:…

We are pleased to present six articles that spread across the scope of the journal laid out in the first article of the first issue, The Internet and Public Policy.

Welcome to the second issue of Policy & Internet and the first issue of 2010! We are pleased to present six articles that spread across the scope of the journal laid out in the first article of the first issue, The Internet and Public Policy (Margetts, 2009). Three articles cover some aspect of trust, identified as one of the key values associated with the Internet and likely to emerge in policy trends. The other three articles all bring internet-related technologies to centre stage in policy change. Helen Margetts: Editorial Stephan G. Grimmelikhuijsen: Transparency of Public Decision-Making: Towards Trust in Local Government? Jesper Schlæger: Digital Governance and Institutional Change: Examining the Role of E-Government in China’s Coal Sector Fadi Salem and Yasar Jarrar: Government 2.0? Technology, Trust and Collaboration in the UAE Public Sector Mike Just and David Aspinall: Challenging Challenge Questions: An Experimental Analysis of Authentication Technologies and User Behaviour Ainė Ramonaite: Voting Advice Applications in Lithuania: Promoting Programmatic Competition or Breeding Populism? Thomas M. Lenard and Paul H. Rubin: In Defense of Data: Information and the Costs of Privacy