Improving Technical Security Privacy

Embracing privacy in the digital age: a dialogue with the UN Special Rapporteur on Privacy

On 16 June, the Internet Society hosted an exclusive dialogue with the UN Special Rapporteur on Privacy (SRP), Prof. Joseph Cannataci.

Prof. Cannataci is the first-ever Special Rapporteur on the right to privacy. His initial report was issued in March 2016 and mapped an ambitious plan for the next few years, with a particular consideration on privacy issues related to the Internet and ICTs.

Many members from the Internet Society membership and community joined this conversation and engaged actively around a set of key priorities identified by the Special Rapporteur.

Here are some key takeaways from this exchange:

> The definition of privacy as a first priority: How to investigate and talk about privacy with people who don’t necessarily have a word for it in their language? The first step the SRP would like to reach is a widely shared and cross-cultural understanding of privacy. He believes it is only on this basis that he will be able to take his mandate forward.

> Privacy enabling the development of people’s personality: This is one of the main theses of the SRP. He sees privacy both as a right in itself, but also an enabler of other rights. In addition to enabling freedom of expression, he asserts that respect for privacy is essential to the un-hindered and free development of one’s personality. In other words, the ability to keep some information private or limited to certain groups is said to be fundamental to individuals’ ability to develop a distinctive character, sexual identity, life path, aspirations, etc.

> Privacy as concept with deep roots: The SRP stressed that privacy is not merely a product of modern societies (even if the concept has evolved with new practices in the digital age), but rather has deep roots in human societies. He gave examples of pastoral societies, including Indigenous Australian peoples and populations in the Amazon, where privacy-related behaviors have been observed.

> Opposing the “privacy vs security” rhetoric: The SRP rejected the notion that privacy and security are at odds with one another. He contended that one can be secure while also maintaining one’s privacy. On this note, the Special Rapporteur stated that all governments should take a firm stance against the use of encryption backdoors, which he sees as a form of “security vs security”.

> Optimism for the future of privacy: Asked whether he was optimistic or pessimistic about the future of privacy in the digital age, the SRP expressed strong optimism. He stressed that in 33 years working on this subject, he has never seen as much interest and momentum in privacy as in 2016. He feels there is today a convergence of both public awareness and private sector cooperation that will lead to positive developments in the privacy space.

These are only a few of the many topics that were covered during the session. You can watch the full recording, with English captions here.

(text transcript available here)

We also invite you to watch this short interview from the UN Special Rapporteur that provides a short and useful overview of his perspectives:

For more information about the Internet Society’s views, please view our policy brief about privacy on the Internet.

Human Rights Privacy

Privacy in the Digital Age: UN Special Rapporteur Sets Priorities In New Report

What is the state of online privacy in 2016? What are the key policy issues related to privacy? What are the steps that can be taken within the UN context to help ensure our right to privacy?

These are a few of the many points addressed by Joseph A. Cannataci, the UN Special Rapporteur on the Right to Privacy (SRP), in his first report released on 9 March.

As we mentioned before, in recent years, many governments and NGOs have been pushing for the creation of a dedicated UN Special Rapporteur for privacy in the digital age, in part as a reaction to public disclosures of the existence of certain governmental mass surveillance programs. This new position in the UN Human Rights Council is also a direct follow-up to a UN General Assembly Resolution 69/166 from December 2014 that asked the Council to consider the creation of such a mandate.

According to Mr. Cannataci, his first report is a preliminary foray into the topic. The report covers a wide range of issues that the SRP considers are key, listed in no particular priority order as of yet. In the next few months, he intends to consult further with a wide range of stakeholders and to dive more specifically into the key issues he has identified. This is when the core of the discussion is likely to happen.

Below are a few of the priorities that the SRP lists in his report:

Focus on “what” and “why” privacy (before going to the “how”): One of the key priorities will be to get back to basics and define privacy in a way that reflects universal values and that can translate across cultures. The SRP will also get back to the fundamental question of why privacy should be protected. He considers privacy is not an end in itself, rather an enabler of personality, dignity and self-determination. It is only when these elements are addressed that he will explore any gaps in mechanisms to protect privacy (assuming there is political will to address such gaps).

Taking rights in conjunction rather than in opposition: “privacy and security” instead of “privacy vs. security”: Joint action and discussions are already underway with the Special Rapporteur for Freedom of Expression in order to explore opportunities for joint action about this aspect during 2016-2017.

Security, surveillance: As expected, an important focus of the SRP’s mandate and report relates to the effects of security measures and surveillance practices on privacy. He identifies several examples of legislation that, according to him, “legitimise the use of certain privacy-intrusive measures by security & intelligence services (SIS) and law enforcement agencies (LEAs)”. This should trigger some debate in the next few months.

The importance of technical safeguards: The SRP stresses that the safeguards and remedies available to citizens cannot be purely legal or operational, and that he intends to engage with the technical community “in an effort to promote the development of effective technical safeguards including encryption, overlay software and various other technical solutions where privacy-by-design is genuinely put into practice”. This is important.

“State of the Union“: The current report includes an overview of what the SRP considers as key current privacy issues, including good and bad practices in the field. It focuses particularly on the current IP Bill in the UK, but also mentions the recent adoption of a policy of no encryption-backdoors in the Netherlands, among other cases. An overview of current privacy practices will become an annual exercise of his mandate.

7 key thematic areas identified for his mandate, to be prioritized throughout consultations.

• Privacy and personality across cultures

• Corporate online business models and personal data use

• Security, Surveillance, proportionality and cyberpeace

• Open Data and Big Data analysis: impact on privacy

• Genetics and privacy

• Privacy, dignity and reputation

• Biometrics and privacy

And there is much more, including the need for cross-border remedies and safeguards, reflection on the risks related to the commodification of personal data, up to considerations of “cyberpeace”.

The report covers a wide range of issues and is worth exploring. We can expect that the SRP will be active in the Internet governance space and will want to engage with all stakeholders of the Internet ecosystem, including civil society, the technical community, business and of course governments.

The Internet Society will continue to follow closely this process and to offer a bridge for our community’s input in the Special Rapporteur’s mandate. Please watch our human rights page for more information over the months ahead.

Image credit: Perspecsys Photos CC BY SA