Reprieve pursues international legal action against US and allies for drone attacks in Pakistan

According to Reprieve, “it has emerged that up to 2,283 people have been killed by US unmanned aircraft, or ‘drones’, since 2004 — with the numbers rapidly escalating in the past two years under President Obama. As many as 730 victims have been wholly innocent, according to one official source.”

Preliminary investigation by Reprieve suggests that the number of innocent victims may be far higher, and that (contrary to American claims) the likelihood of the US hitting its intended “high-value terrorist” is low. Without doubt, the victims include a significant number of women and children.

On Monday, Reprieve co-sponsored a conference in Islamabad: Litigating the War of Terror in Pakistan. Mirza Shahzad Akbar, an Islamabad-based lawyer representing drone victim families, has been accumulating evidence on drone strikes and consulting with Reprieve on potential legal action. The evidence exposes an urgent need for a full and independent inquiry into the use of drones, as well as litigation in Pakistani and international courts.

Freedom of expression and privacy risks across the ICT sector

The BSR report ‘Protecting Human RIghts in the digital age’ describes the evolving freedom of expression and privacy risks faced by information and communications technology (ICT) companies and how these risks can be more effectively mitigated by the industry.  It focuses on the issues for telecommunications services; cell phones and mobile devices; internet services; enterprise software, data storage and IT services, semiconductors and chips, network equipment, consumer electronics and security software.

EESC condemns body scanners as a breach of fundamental rights

(EDRI) On 16 February 2011, the European Economic and Social Committee (EESC) issued its opinion on the use of body scanners in EU airports.

The EESC has opposed the eventual adoption of any measures that would introduce body scanners on an EU-wide level, and feel that the Commission Communication on the use of security scanners does not respect three basic criteria: necessity, proportionality and legality.

The document also criticises the Commission for changing the term “body scanners” to “security scanners”, and outlines four central critiques with regard to the Commission Communication, namely, proportionality, fundamental rights, health risks and passenger rights .

The document urges the Commission to produce a thorough proportionality test in order to determine the necessity of their implementation versus alternative measures. The EESC suggests that the Commission seriously consider alternatives and that it might be better to wait for more precise and less intrusive technology which can recognise security hazards.

The EESC objects to the infringement of fundamental rights as a trade-off for public security. The costs to fundamental rights are three fold:  personal privacy, data privacy and the right to human dignity. To further
underline the inherent risks, the document cites a case in a Florida airport where 35 000 naked scans were recorded by officers and distributed on the Internet.

As there exists no code of best practices or conclusive proof that these scanners do not pose health risks to individuals, the EESC requests that the Commission provide a thorough scientific examination proving that passengers and personnel who frequently fly will not be exposed to any health risks.

The Committee also reminded the Commission that its Communication did not include guarantees of effective recourse for passengers and personnel undergoing the scans, and also failed to include guarantees that passengers will not obliged to undergo body scanning, ensuring individuals reserve the right to ‘opt out’ while not suffering longer wait times, more intrusive pat-downs, or be prevented from flying.

Ethical and Legal Aspects of Unmanned Systems. Interviews.

Excellent series of interviews by Gerhard Dabringer.

John Canning, Gerhard Dabringer: Ethical Challenges of Unmanned Systems
Colin Allen: Morality and Artificial Intelligence
George Bekey: Robots and Ethic
Noel Sharkey: Moral and Legal Aspects of Military Robots
Armin Krishnan: Ethical and Legal Challenges
Peter W. Singer: The Future of War
Robert Sparrow: The Ethical Challenges of Military Robots
Peter Asaro: Military Robots and Just War Theory
Jürgen Altmann: Uninhabited Systems and Arms Control
Gianmarco Veruggio, Fiorella Operto: Ethical and societal guidelines for Robotics
Ronald C. Arkin: Governing Lethal Behaviour
John P. Sullins: Aspects of Telerobotic Systems
Roger F. Gay: A Developer’s Perspective

Proposal for cyber war rules of engagement

BBC reports that the EastWest Institute in New York will propose that cyber war needs rules of engagement. The draft document also calls for a fresh definition of “nation state”, with new “territories” and players in cyberspace beyond government – such as multinationals, NGOs and citizens. The proposal also says that ambiguity about what constitutes cyber conflict is delaying international policy to deal with it, and that perhaps the idea of “peace” or “war” is too simple in the internet age when the world could find itself in a third, “other than war”, mode.

Russian Federation Invests in Enhanced Surveillance

On January 28, 2011, Russian media outlets reported that on January 11, 2011, the government had issued a resolution approving a two-year program of investing in high technology in the field of security. The program, which was recommended by the President’s Commission on Modernization and Technological Development, entrusts the FSB with the responsibility of spending 633 million RUB (approximately US$30 million) in order to develop methods and equipment for advanced surveillance.

The program consists of two parts: voice biometrics, which is focused on voice synthesis and identification and better understanding of vocal messages transmitted by technical means; and automatic video recognition aimed at mechanical discerning of targets in real time. A database of targets, associated personal images, and identified voices must be created by 2012. Placing the FSB in charge of this program was viewed by Russian commentators as a further expansion of this secret service’s authority, in line with allowing it to conduct independent genetic analysis of remains allegedly belonging to terrorists and of those who have been identified as relatives of terrorists (id.). At present, independent forensic centers are performing these tasks. A relevant amendment to the FSB Law was introduced in the State Duma. (Bill No. 493009-5 (submitted on Jan. 27, 2011)

New Study Documents Growing Role for Private Companies in Policing Online Communications

A new EDRI study finds that powers traditionally employed by law enforcement agencies and the judiciary “are silently being delegated by governments to ISPs and corporations under the guise of industry “self-regulation”. The report details significant efforts to entrust intermediaries with policing powers, surveys the impact of “voluntary ‘self-regulation’” on online content and draws attention to its repercussions for openness of the Internet and for innovation.

The study found that the term “self-regulation” is being inappropriately used to designate what amount to appeals to monitor, judge and sanction allegedly illegal websites and consumer behaviour. Proposed legislation and “non-binding guidelines” are forcing intermediaries into a position in which they can no longer avail themselves of legal protections — where they are obliged, in effect, “to police private online communications, often in blatant disregard of legal safeguards and even to impose sanctions for alleged infringements”.

“This fundamental change in the concept of “self-regulation” represents a danger for the core values of the Internet and the benefits that these values provide to society.” Should Internet intermediaries become “privatized enforcement systems”? Companies “come under intense pressure in relation to individual incidents that attract the interest of politicians and/or the press”. The measures recently taken by Visa, Mastercard, PayPal and Everydns against Wikileaks are a case in point.

The author catalogues international proposals that aim to persuade industry to engage in a vigilante system of monitoring and sanctioning, and include:

  • a series of ongoing ‘public-private dialogues’ organized by the European Commission to encourage hosting providers to engage in “extra-judicial rulings of illegality”
  • a 2010 European Commission funding proposal incentivising companies to engage in “self-regulatory” Internet blocking of allegedly illegal online material
  • discussions launched by the Council of Europe’s Assembly in 2010 whose “intention appears to be to increase the legal obligations of intermediaries” despite the fact that this would be “contrary both to the letter and the spirit of the 2003 Declaration on freedom of communication on the Internet”
  • 2010 OECD discussions, which aim to increase the responsibility of Internet intermediaries in advancing “public policy objectives”
  • the Anti-Counterfeiting Trade Agreement (ACTA), whose draft contains provisions that would encourage or coerce ISPs into policing their networks and enforcing extra-judicial sanctions, where they deem it to be appropriate
  • EU/India and EU/Korea bilateral free trade agreements, whose provisions would change the EU acquis on intermediary liability

The encouragement of extra-legal measures to limit access to information, proactive policing of the Internet and the exclusion of law enforcement authorities in investigating serious crimes are factors that contribute to the weakening of the rule of law and democracy.

While these appear to be regressive steps away from freedom, the NGO’s study found, for instance, that “the European Commission appears far from perturbed by the dangers for fundamental rights of this approach and appears keen to export the approach”.

“This process is gradually strangling the openness that is at the core of the Internet. This openness has enhanced democracy, has shaken dictatorships and has boosted economies worldwide. This openness is what we will lose through privatised policing of the Internet by private companies – what will we gain?”

Former CIA and NSA heads on the ‘the need to know’, Wikileaks and increased information sharing

Michael Hayden and Samuel Visner have an open-ed in the Baltimore sun in which they defend wider information sharing, if aided by sound security practices and advanced technology to protect information

Vital information sharing need not be a victim of WikiLeaks.

The principle of “need to know” requires segmenting information according to sensitivity and topic. Sharing must strike a balance between protecting security and fostering collaboration across all levels of government and, often, the private sector.

Striking multiple balances is necessary to protect and share sensitive information. Tactical military field units have little need for diplomatic communications, but they do require real-time access to searchable data from multiple government agencies, such as to tell if someone at a road checkpoint is a person of interest. Sensitive information has long been shared among agencies based on “need to know” but without being dumped into vast, poorly monitored databases. Government data on American citizens merits strong privacy protection, but under proper authorities, information sharing with law enforcement makes sense — if this helps uncover foreign espionage or terrorist plans.

Balance is also required in security measures. Disabling thumb and DVD drives on computers averts some kinds of information theft, but on the battlefield it could harm operational effectiveness. Imposing administrative security requirements common to intelligence headquarters or national agencies, such as polygraph exams, on all personnel in military field units would prove unacceptably burdensome.

In striking better balances, we cannot forget the post-Sept. 11 reasons why sharing became a higher priority. Uncovering and foiling terrorist threats requires that many entities work together and share information — often our best weapon.

Thus, policy on information sharing and security should improve along three paths:

•Personnel security. If Army Private Bradley Manning — suspected of leaking the WikiLeaks documents — had psychological problems, as alleged, should he have had access to sensitive information? When indications merit, personnel should undergo psychological testing to assess vulnerabilities that might raise security risks. Personnel clearances ought to be based on the type of information to which a person has access, not — as now — according to which agency employs someone.

•Security procedures. Although some “insider threats” arise from malicious intent, nearly all are abetted by sloppy execution of routine security procedures or perceptions that they are bothersome or unimportant. National security organizations should elevate security as a management priority, enforce rules more consistently and offer better training.

•Cyber tools. Cybersecurity techniques can detect much anomalous behavior, such as downloading, copying or printing numerous documents, seeking to access information in unusual ways or information not normally accessed, and transferring sensitive information to others. That such tools were not employed on the battlefield in Afghanistan is understandable but in retrospect imprudent.

More advanced cyber tools are being developed, such as to sift through huge volumes of seemingly disparate data and correlate findings. This need is a key lesson from the 2009 Christmas Day bombing attempt. New tools must address potential threats from mobile devices and social media and better detect and resolve suspicious exfiltrations. Improving analytic tools to better understand global information environments and characterize the behavior of systems remains a pressing challenge.

Reacting to the WikiLeaks disclosures by clamping down on information-sharing would risk failing to detect hard-to-predict or increasingly diverse threats. More prudent is to employ sound security practices and advanced technology while leveraging the advantages of information sharing and collaboration. National security and technology professionals have worked hard to gain these advantages, and they ought not to be hastily discarded.

TSA chief seeks less ‘invasive’ methods

Transportation Security Administration chief John Pistole said Thursday the agency is looking at new technology such as body scanners that show passengers as “stick figures” and security methods used in Israeli airports in a drive to make air travel security “as minimally invasive as possible.” In a speech before the American Bar Association in Washington, Mr. Pistole said the federal government would make a decision “sometime this year” on whether to adopt the newer scanner technology, now used in Amsterdam.

OECD cybersecurity report

This OECD report was written by Peter Sommer and Ian Brown as a contribution to the OECD project ―Future Global Shocks. The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.