National Privacy Debate 2012
On 11 June this year, the long-awaited National Privacy Debate place. Privacy First lists for you the aspects that struck us most, starting with the striking plea By Brenno de Winter for a Privacy Delta Plan:
"The National Privacy Debate is a unique opportunity to start something great and challenge people to join the public discussion. Let's seize that opportunity and work on a Delta Plan. Make the Netherlands an example country again. An example as a constitutional state in terms of protecting its citizens. That is where we are at our best!"
Following this, the floor was given to Anthony House (Google), who at the end of his keynote speech posed the following question to the audience:
"Are the principles of data protection that were developed in the 1970s still good today? Do we need to start from scratch on privacy principles?"
From the silence in the room and some of the responses that followed, it was clear (thankfully) that the classic privacy principles are still sufficient, at least for the most part.
Then it was the turn of the first panel discussion, where the central question was what is currently preferred: more legal regulation or more self-regulation? Responses from the panel and from the audience showed a predominant preference for both options together rather than just one or the other. As in the financial sector, proper legislation and tight enforcement have now proved to be dire necessities for the ICT sector too. However, that legislation is only a minimal, rapidly ageing lower limit. It is therefore up to the ICT sector itself to always operate at the highest, most privacy-friendly (or customer-friendly) level. This is an important selling point and offers important competitive advantages. In this sense, legislation and self-regulation can complement each other well.
This was followed by a speech by Joost Farwerck (KPN) who pointed out, among other things, that privacy is now a very high priority among a broad Dutch public: KPN's research had shown that this is what the public values most after good healthcare and good education. Partly for this reason, KPN had established an internal Privacy Awareness programme and an external Privacy Mission. Finally, Farwerck advocated making the National Privacy Debate a recurring event. (Later that day, Arie van Bellen (ECP-EPN) also argued for this.) Privacy First gladly concurs.
Interesting during the second panel session (about privacy and security) in particular were the parallels drawn with security in other sectors, such as the food industry and the aviation sector, in terms of regulation and self-regulation as well as monitoring and enforcement. Earlier in the day, Vincent Böhre (Privacy First) had drawn a similar parallel with past developments in the field of environmental protection. Many participants in the debate agreed that the Dutch Data Protection Authority (CBP) has too few resources and powers on the one hand, but also enforces existing privacy legislation too weakly. Furthermore, Walter van Holst (Mitopics) rightly commented from the audience that more emphasis should be placed on data minimisation. After all, what is not there does not need to be secured.
The floor was next given to Bart de Koning: journalist and author of the book 'Everything under control, the government is watching you'. In his speech, the King pointed to a number of positive recent developments, including opposition to fingerprints in passports, new cookie legislation, net neutrality and political attention to the risks of the US Patriot Act. At the same time, he warned of negative developments such as the proposal to start RFID-chipping all licence plates. Also, the Netherlands is still the leader in eavesdropping. He further noted that the media (including Elsevier) pay more attention to privacy these days than before and that citizens are also increasingly watching the government instead of the other way around. "Citizens are peeping back" and this can "have a disciplining effect on the State", De Koning said. For the future, De Koning gave the following guidelines to the audience: 1) think first, then act, 2) data minimisation, 3) openness, 4) effectiveness, 5) horizon clauses and 6) permanent debate. Furthermore, De Koning called for the introduction of constitutional review (in the judiciary), a Constitutional Court and stronger supervision by the CBP. In this context, he drew a comparison with Germany, where ANPR (automatic number plate recognition) is banned.
There was then room for discussion with the audience, in which especially Joyce Hes (Civil Rights Protection Foundation) made an important point: many public debates (including the periodic Privacy Cafés at Felix Meritis) are held with privacy advocates. Politicians and officials critical of privacy rarely show up at such debates. The latter is not good for the discussion.
Finally, Bart de Koning added that the ethnic 'underclass' in particular is the victim of systematic privacy violations, including preventive searches. Privacy First endorses all these points.
The third panel session had as its theme "privacy and government":
On behalf of Privacy First Foundation bite Bas Filippini as follows:
"What we focus on are own choices in a free environment. By own choices you naturally think of freedom of choice, and a free environment means that we aim to keep the environment as free as possible for the average citizen in the Netherlands. This is unless you are with reason suspected of a criminal offence: then you can exchange privacy for safety. That is our philosophy. We reason things out first from principles, tested against the Constitution. Then we look at implementation: are there sufficient checks and balances? How do we set policy and how will we implement it? And only then do we look at technology. I always say, "you can stab someone with a knife, but you can also use it to make a sandwich." For many, technology is "the holy grail" that people hang everything on, without taking those first three steps: 1) principles, 2) policy, 3) implementation, and only then start looking at how to do smart things with technology. Often the principles of subsidiarity and proportionality are overstepped, and that is very unfortunate. There are many people in government who would like to do things differently, but if they disagree with something, they are quickly seen as whistleblowers, and that has a stigmatising effect. Thus, the Titanic so towards the ice floe, with the current result: more and more profiling. By this we mean no targeted profiling on reasonable suspicion of a crime, but tracking an entire population and seeing if there is "something wrong", based on outliers, the deviations from the average. We think this is a great danger, because then everyone becomes a suspect. As a result, you get a lot of self-censorship among people, both officials and citizens on the street."
During the remainder of the panel debate, first of all, comments from Ronald Leenes (Tilburg University) out: he rightly warned of a loss of trust among citizens in the government if that government does not take the right to privacy seriously. "The consideration of whether an invasion of privacy is necessary in a democratic society is hardly made by the government on a number of files," Leenes said. According to Leenes, data is collected stupidly "because it can be done", there is a huge reliance on technology, people think that more information leads to better decisions, there is insufficient consideration by the government of alternatives to achieve the same goals, and there is ignorance. At this, Leenes warned, among other things, about current plans to register prostitutes centrally. He also stressed that privacy is not only an individual right, but also has a social function.
Others on the panel pointed out the dangers of risk profiling. The fallacy "you have nothing to fear if you have nothing to hide" was also unanimously debunked: after all, everyone has the right to simply keep their private life to themselves. Moreover, the core element of freedom is precisely that you are allowed to have something to hide. It was also noted that a lot of work is needed to increase knowledge and awareness of privacy in the government. Some in the panel emphasised incompetence in government rather than intent. Bas Filippini responded that there is often indeed an agenda behind things, namely policies from the United States and the European Union. "How do you design your society? Do you do it based on fear, hate and control, or based on trust, freedom and love?" said Filippini.
There was then discussion with the audience, during which Jeroen Terstegge (PrivaSense) rightly noted that care should be taken to ensure that Privacy Impact Assessments (PIAs) are carried out by directly affected officials rather than by an independent regulator, e.g. a Chief Privacy Officer. In this area, there should be more self-criticism within the government, apart from the external role of the CBP. Another salient point from the audience was made at the end of the panel session by Dimitri Tokmetzis (Sargasso): insurance was originally designed to spread risk, but by profiling risks are actually being individualised. This is to the detriment of solidarity in our society.
After this, Pim Takkenberg (KLPD) gave a speech on the topic of privacy and investigation, where he specifically addressed the dilemmas surrounding the dismantling of a so-called botnet: a network of hijacked computer systems. According to Takkenberg, the legal framework in this context is sometimes still "insufficiently specific", for example in 1) remote "entry" (or hack) of computer systems by the police and 2) international cooperation in fighting cybercrime. Even in public-private partnerships, the police are "walking on eggshells" in this regard for the time being, Takkenberg said. To a question from the audience about the effectiveness of telecom data retention (data retention), Takkenberg replied that "sometimes you have to give things some time to see what it brings in the long run." This reinforces Privacy First's view that this measure should never have been introduced. Finally, Takkenberg then rightly stated that the police do not benefit from collecting too much information, but should instead be very selective about it.
The panel discussion on privacy and detection that followed took an unexpected turn with the comments of Jan Grijpink (Utrecht University, formerly also Justice) on the recent entanglements surrounding the biometric passport. Asked what annoyed him about the privacy debate, Grijpink replied as follows:
"The discussion about the biometric passport, I think that is a very good example of how a too persistent push - if I may say so - on the privacy side, overturns the security side. If we now get to the point where we say "we'll take the fingerprints off the passport again", then I will be very happy. In 2002, I would have liked to avoid putting fingerprints on passports, because there is no need at all to use fingerprints to check who the holder is. That was just an unnecessary act. But the moment you put fingerprints on that passport, you should be able to check whether those fingerprints are still the correct fingerprints, and whether the person claiming to belong is really that person. That led to the various ministers responsible deciding to put four fingers in a municipal database, and so if you don't have that, then the citizen is actually disenfranchised if he walks around with a document with two fingers, because the document is also meant to be given to others. If it is something for yourself, that is up to it, but a passport is there to be surrendered to another authority. When we hand out a passport, we do not even check with that same biometrics that it is really handed out to the person who is officially the holder. Either no fingerprints, or quite right. Both are in danger of breaking down now because of an overly insistent droning on one aspect of privacy. That's what I do worry about."
On this, he asked Vincent Böhre (Privacy First) to Grijpink on his assessment about the risk of function creep on storing fingerprints in municipal databases.
To this, Grabink replied as follows:
"If you only put the fingers on the passport, you just lose all control for the protection of the person. I have always advocated that four fingers - the two on the passport and two others - should reside with the municipality to check that it is still the right person and that nothing has been changed on the document. This also allows you to exonerate yourself if you are accused of something with such a document. The question of whether that can then lead to function creep: yes, everything can lead to function creep. But I think that if you organise it well, and of course I am a big proponent of that, also because of the fact that with chain computerisation we also create the large-scale infrastructures to manage that well, then I think you can trust the government in that to a certain extent. I have walked around in it for 40 years. I see that in the privacy discussion, very often a kind of ghost of the government is made. I don't recognise that. A lot of government people are faithfully doing their jobs."
Everyone concludes from this his or her own... 😉
The panel discussion also focused on the question of whether or not to release Dutch figures on phone and internet wiretaps. On behalf of Bits of Freedom, advocates Simone Halink rightly for more transparency in this regard. From the angle of the KLPD (and a former AIVD officer in the room), however, it soon became clear that they were totally unwilling to provide transparency in this regard. The then led to a hardening of the discussion in which the privacy advocates and the (former) representatives of the police and judiciary became diametrically opposed. Grijpink noted the following during this discussion:
"I want to bring in an aspect whereby you also have to be careful with this hard call for data and for measurements. Especially, very clearly in my file, identity fraud, then you are using someone else's identity. If that succeeds, then it is invisible. And if the person concerned is dead, then they don't notice anything either. So that's a great example that if you start measuring, you get the wrong answer. And wrong conclusions, and wrong images, is perhaps worse for detection than if something becomes known. In the case of identity fraud, it's very clear. I was asked, "How bad is the problem?" I said, "Asking the question means you don't understand it. You must first have a situation where you are sure that you have got hold of the person who has succeeded in fraud." There is only one situation that I know of: those are Justice cells. Then Donner said, "Then we will look." And what turned out: 15% had the wrong identity. Half of them we didn't even know. And that's just sitting in jail. In other words: numbers are only really useful to a certain extent, and in the public debate they often go wrong."
To this, Böhre stressed the importance of recognising that privacy is a human right, with the proportionality question being fundamental in both individual and collective terms. The discussion should therefore always to be conducted on the basis of hard facts and figures. Vague assumptions about look-alike fraud are no excuse to saddle an entire population with biometric passports. There was no denying this from the panel. The importance of further discussion based on facts and figures also seemed to be recognised from the audience. In this sense, the National Privacy Debate hopefully acted as the conclusion of an era of fact-free politics.
At a next National Privacy Debate, Privacy First will be happy to be actively present again. In the meantime, the debate should be ongoing with all relevant parties.
Postscript Privacy First: The above report was also published in full in the trade journal Privacy & Compliance 3-4/2012, pp. 46-49.