1st SAG / EEG Meeting, VICESSE, Vienna - Austria

INSPEC2T has received funding from the European Union's Horizon 2020

research and innovation programme under grant agreement No 653749

INSPEC2T System Security & Privacy Considerations Rachel Finn

Trilateral Research, UK

INSPEC2TINSpiring Citizens Participation for Enhanced

Community PoliCing AcTions

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 2INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

INSPEC2T system security & privacy considerations

• Privacy and data security are key challenges for the optimal use of social media for community policing.

• This deliverable will ensure that the INSPEC2T system will follow a Security and Privacy by Design approach. o This will include design, development and implementation phases.

• Data security and privacy will become integral to INSPEC2T priorities, objectives, design processes and planning operations by:o Safeguarding informationo Ensuring consent of participants through transparencyo Respecting data protection and human rights

• Outcome – one of the main inputs for the design requirements of INSPEC2T and sets principles for assessment of INSPEC2T.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 3INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Community policing & social media

• Contextual background – law enforcement in the digital ageo Widespread adoption of social media has led to novel ways of community policingo Police use social media to engage with citizens and include the public in law enforcemento Allows for gathering of intelligenceo Many forces have a social media presence – e.g., in the UK, 98% of police forces have corporate Twitter

account with an average of 18,000 followers

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 4INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Community policing & social media

• The privacy and security implications and challenges regarding the use of social media in community policing. o Loss of controlo Potential for abuseo Undermining public trust

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 5INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Privacy and security by design

Privacy and Security by Design

• “The philosophy and approach of embedding privacy directly into the design and operating specifications of information technologies and systems”

– Ann Cavoukian, Privacy by Design: Origins, Meaning, and Prospects for Assuring Privacy and Trust in the Information Era

• Achieved by building on principles of Fair Information Practices early in the development of the system.

• By building privacy into the design of the system at an early stage, public trust is enhanced.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 6INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Outline of the reportD2.3: Security and privacy considerations for the INSPEC2T system

• Identify relevant privacy and data security challenges• Identify potential technical solutions and processural safeguards to address these challenges • Assess current police practice• Make recommendations for the INSPEC2T system

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 7INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Privacy & data security challenges

• Identifying data inaccuracies and measures to correct them

• Ensuring legitimate and proportional use (avoiding surveillance, function creep, etc.)

• Preventing data breaches

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 8INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Challenges – Inaccuracies

• Following bomb in Bangkok, surveillance footage of suspected bomber released

• Australian actor and fashion blogger living in Bangkok incorrectly identified by Internet commentators

• Police interviewed him and searched his apartment for bomb making equipment

“[M]any social media outlets released my photo in Thailand saying that I was a suspected terrorist as looked like the suspect in question. All my private information from immigration was leaked online and people were looking for me – They even knew my home address.”

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 9INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Challenges – Inaccuracies

• Boston Marathon Bombing – several mistakenly identified suspects

• Sunil Tripathi, whose body was eventually discovered

• “Bag men”, New York Post, who are currently pursuing a lawsuit against the paper

• This misinformation made it into the media, blogs and to individuals’ families and employers.

The inter-linkage between social media and crowdsourcing “led to images stripped of their context being passed around as though they were confirmed”. New Statesman, 19 April 2013.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 10INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Challenges - Proportionate and legitimate use

• Allowing local police to keep tabs on #gunfire, #meth, and #protest in their communities.o Some criminals may tweet about their crimes, but many such tweets are not crime related – e.g., many #meth

tweets relating to Breaking Bad

• Useful as a way to "listen in" on people who would not ordinarily be talking to police.

“Used well, such tools should make police departments more aware of both local problems and complaints about their own work. Used less than well, it can be a bit creepy, sort of on par with having a kid's uncle listen outside her bedroom during a slumber party. And used badly, it can make a nice tool for keeping an eye on critics/dissenters.”

- Nate Anderson, ‘How the Cops Watch your Tweets in Real Time’, ars technica.com

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 11INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Challenges - Proportionate and legitimate use

• SketchFactor – an app which would allow users to report having seen or experienced something “sketchy” in a particular location.

• These reports would then be geotagged and overlaid on a Google map, creating a ‘sketchiness’ map.

• The idea was to help urban walkers be more street-smart.

• But subject to criticism that race would be used to profile neighbourhoods as ‘sketchy’.

• After accusations of racism, the app never recovered.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 12INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Challenges – Data security

• In UK from 2007 – 2010: 904 police officers and staff subject to disciplinary procedures for breaching the Data Protection Act.

• Breaches ranged from minor rule-breaks on social media to serious allegations of misconduct leading to arrests.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 13INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Potential solutions

Data Security Solutions

• Data collectiono anonymity o (unrestricted) collection and processing of

personal and sensitive information o informed consent

• Data processing o authentication o logging o minimal granularity o automated deletion routines o data validation, etc.

• Data storage and access o secure storage (physical and cyber-security)o unauthorised access to or disclosure of data o technical information security controls

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 14INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Current police social media practice

Current data practices and privacy considerations in community policing

• What privacy issues are LEAs aware of?• What privacy issues are LEAs attempting to address?• What technologies are LEAs using? • How are they using these technologies? • What is working? • What isn’t working?

Based on anonymised information collected from our project partners.

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 15INSPEC2T has received funding from the

European Union’s Horizon 2020 research and innovation programme under grant

agreement No 653749

Recommendations

• Match the suggested solutions to the specific challenges raised

• Highlight what controls can be built into the design to protect the privacy interests

• Highlight key findings and recommending steps that are required to manage privacy related challenges in implementing the INSPEC2T platform

1st SAG / EEG Meeting, VICESSE, Vienna - Austria 16

JOIN US

INSPEC2T has received funding from the European Union’s Horizon 2020 research and innovation programme

under grant agreement No 653749

Thank you for your attention!

For more information please contact:

Rachel Finn – rachel.finn@trilateralresearch.com Jo Simon – joanna.simon@trilateralresearch.com

Kush Wadhwa – kush.wadhwa@trilateralresearch.com