Académique Documents
Professionnel Documents
Culture Documents
MICHAEL FRIEDEWALD,
WlM SCHREURS,
MICIHEL VERLINDEN,
SERGE GUTWIRTH,
YVES PÜNIE,
IOANNIS MAGHIROS,
ELENA VILDJIOUNAITE, and
PETTERI ALAHUHTA
ost Aml scenarios illustrate its • Considerations re: listing on the TSE.
T
he concentration of power manífests rized access to the data) were able to collaborate, to
itself in other ways in the scenario. copy the files and exit the premises without being
DMC says it is willing to establish challenged. Further, it seems to have been relatively
Aml networks in spme developing easy for them to remove their location implants and
countries as long as DMC controls to disappear without a trace. But t'^e three employee
them. Developing countries, concerned about their data thieves are not the only miscre • rs at DMC. The
soverei^nty, will "have to settle for what we give sénior executives also behaved un .hically and ille-
them," says Switzer. Also, employees-kaye "agreed" gally by not informing the pólice and theif-customers
that DMC can check their home sensor nerworks, about the data theft, ~
that is, if they want a Job at DMC, they must agree. Henee, we can conclude that an illusion oTsecurity
Similarly, employees must bear location implants. prevailed at DMG-and, perhaps, more widely within
Lack of public awareness. Despite the convenience socíety as a who 1 e.,The_illusion is fed byfrTe implicit
of personalized services and enhancements in security assumption that vafious Aml technologies and proce-
made possible by Ainl, most people have not com- dures will form -zn adequate defense against miscre-
prehended just how pervasive Aml has become, ñor ants. Unfortunately, no matter how strong these
of the scale and volume of data being generated about technologies and procedures may be, they may stilí
them by Aml networks. In the scenario, public aware- fail, especialíy against insiders acting in concert {both
ness is íncreased as a result of the investigative report- the employees and the executives).
ing and media- coverage of the theft of data from At the societal level, we may assume that laws and
DMC, the resulting tria!, and the high-íevel politicaJ regulatioris will pcotect us, but this scenario suggests
intervention to stave off DMC collapse. Aroused that even there we suffer from the ¡Ilusión of secu-
public awareness may forcé changes in legislative or rity—it takes a class action suit to bring DMC to jus-.
regulatory oversight. Henee, public awareness and the tíce. Market forres that might otherwise punish
pressure of public opinión, stoked by the media, have DMC are undermined because government decides
utility as a safeguard against abuse. Unfortunately, that DMC cannofgo to the wall. DMC has managed
such pressure is-almost always reactive. to acquire so much power—partly through its propri-
The ¿Ilusión of security. Most pepple are wiíling to etary technology and partly through its rnarket dom-
trade some of their privacy for better security. The ínance-—and has come to play so big a role in
scenario suggests that terrorism has become suffí- (ironically) national security that government cannot
cíently serious that the intelligence agencies and allow it to go under. But if DMC was unable to detect
immigration authorities are becoming unwilling to the security risk posed by three of its own employees,
admit foreigners uniess they have detailed informa- isn't the government's confidence in DMC technol-
lion on each individual. Similarly, DMC employees ogy mispLti-cd?
seem willing to have location implants and surveil- The iílusion of security is also fed by unwarranted
íance equipment installed not only in their offices but trust. The issue of trust is not directly raised in tnis
in their homes and cars. They probably see this as scenario, but it is not far away. One would think that
oeneficial in security terms. a data aggregator, processor, and reseller like DMC
It is ironic that DMC and its ditectors face a class would have some obíigatíon to inform people when-
action lawsuit on the grounds that they were negli- ever it sells data to others or takes over another com-
gent in securing personal data. Security would seem pany with persona] data records. But this has not
to be one of DMC's key strengths, one of its key sell- occurred. It seems that DMC clicnts, the intelligence
ing points. DMC can hardly believe that irs many agencies and immigration authoriues, are content
.security measures—video surveillance, biomerrics, that individuáis are not mformed about what infor-
''.'A'-logging software, access control measures, regular marion DMC has on them, even if the law dictares
-mdits, employee implants and so on—could fail. But othervvise.
¡he quesrion is: have DMC executives done enougrí? California and a numlx-r of oiher stares liave stria
\Y,is their proíitmu, oi employees suHleiently n^orous l.iws requiring char companies do míorní individuáis
\ \ h c n their data h.i.s bcirn cornpromised—but that supported by public hjnding. Designen of nc\v tech-
does not mean that they will. Comphance will depend nology should be required to factor in data protectfon
as much on corporate culture and, espccially, erhics as in any new Aml atchicectures and networks. Lcgisla-
on legal dctcrrents. Thus, to sorne extent, even laws tíon and rcgulation will probably be necessary, and
and rcgulauons can instilí an ¡Ilusión of secunty. one can predict that will elicit prorests from those in
favor oí deregulation and gerting the government off
CONCLUSIÓN their backs. So be k.
The principal conclusión we draw frorn this am- íf civil liberty advocares have had concerns about
ele—from the dark scenario and rhe analysis—-is encroachments upon our privacy in the ernerging sur-
that, although we can expect amazing advances in veillance society, they will be positively apoplectic if
the deveiopment and deployment of ambient tech- Aml, already being implemented in a somewhat
nologies, there is a risk that corporate ethics in the piecemeal fashion, becomes as pervasive as its sup-
year 2018 wiil not be so different from those preva- porters believe ít will. To anticípate this future, ratKer
lent in the year 2008, which is tb say that some corn- than react to it, appropriate safeguards should be
panies will be good corporate cítizens and some agreed añtljmt in place. Now is not too soon to start.
won't. Simílarly, sorne companies wiil have rogue To that end, the authors hope this article will stimu-
empioyees just as they do today who are capable of late interesting discussions and constructive debates
undermining what might be perceived as strong on the issues Ít raises, including corporate~ethics and
security "(technologically, procedurally, legálly). A privacy in the Aml space; surveillance rechnolo^ies—
principal difference between today's woríd aad that from convenience to a false sense of security! the role
• depicted for the year 2018 could be that jecurity of horror stories and dark scenarios in~übiquitous
concerns about terrorism and antisocial behavior computing; and the risks resulting from unwarranted
will be such that unless individuáis have really trust. As Thomas Jefferson said, "The pnce of free-
detailed profiles compiled from data from Aml net- dom is eternal vigilance." B
vvorks, they may be barred from entering a devel-
oped country. Also, while people may .welcome the
convenience from personalízation of servíces and the DAVID WWGHT (david.wrighc@tnlareralresearch.com) |s managing-
panner of Trilateral Research & Consulting LLP, based ¡n London,
ubiquic)' of surveillance technologies, they may be
UJC '
lulled into a false sense of security. MlCHAEL PRIEDEWALD (m.friedewald@isi.fraunhofer.de) is a sénior
As mentioned in the introductíon to this artícle, scienfisr and project manager in the Department of EmergTng Tech-
there have been few "dark" scenarios put forward by
Research, Karlsruhe, Germany.
Aml expercs and aficionados. The SWAMI project WlM SCHREURS (wim.schreurs@vub-ac.be) is a researcher at Vríje
has taken a deliberateíy contrarían, position with
regard to scenarios that show the "sunny" side of Aml. MlCHIEL VERLINDEN (michiel-verlinden@gmail.com) is an atturney
While the authors are as enthusiastic as anyone about at the Brussels Par.
SERGE GUTWIRTH (serge.gunvinh@vub.ac.be) is A professor of law
the potentiai of Aml, advances in surveillance tech-
nologies, biometrics, and fourth-generation mobile YVES PUNIE (Yves-Punie@ec.europa.cu) is sénior researcher at [he
systems, they believe the Aml cornmunity, policy- institure for Prospective Technological Smdies (IPTS) in Seviile, Spain.
makers, and society must be a)en to possible abuses of The IPTS is pan of the European Cammission's Joint Research Centre
(JRQ.
the technology. Cons'tructíng enanos and using an lOANNIS MAGHIROS (Ioannis.Maghiros@ec.europa.eu) is principal
analyrical structure along the ;nes as" noted in this ¡ST scientific officer at the ÍPTS.
arríele offer a useful way of stimulating dialogue about ELENA VILDJIOUNAITE (Elena.Vildjiounaite@vtt.fi) is a researcher
such possible abuses-as well as other technology issues. at the VTT Technical Research Centre of Finland in Oulu.
PETTERI ALAHUHTA (Petteri.Alahiihta@vtt.fi) is a technology
Identifying possible abuses is the first step in devis- manager in the Mobile Interaction Knowledge Centre of VTT
¡ng safeguards. Almost certainíy, a mix of safeguards Technical Research Centre of Finland.
wiil be needed—technological, socioeconomic, legal,
and regulatory and even cultural safeguards can be
envisaged.4 As a mínimum, the SWAMI consortlum
advocares a privacy impact assessment for any projects