1. Professor Lilian Edwards University ofStrathclydeLachlan Urquhart University ofNottingham

2. Context Intelligence Led Policing and SOCMINT London Riots and after NOT Snowden/PRISM/TEMPORA etc domestic, rule oflaw Legal Issues Privacy in Public? ECHR and UK Regulation of Investigatory Powers Act 2000 (RIPA) andSOCMINT Is everything done in public, public? Are structured dossiers still the enemy? What next? 3. The growth of intelligence led policing Risk aversion, predictive profiles, big data Assemblages of data via private intermediaries OSINT Publically available, open sources SOCMINT (Bartlett and Miller 2013) used for Network and sentiment analysis e.g.EMOTIVE Crowdsourcing info from public Event Detection and situational awareness Predictive analytics eg IBM Memphis P.D. Policy challenges (Omand 2012): Public trust Legitimacy and necessity (Demos 2013) also stress need for necessity,proportionality, transparency 4. UK Summer Riots 2011 Flickr stream of suspect photos 770 arrests & 167 charges Facewatch mobile app Shop a Looter (Pieri 2014) Issues: Sampling bias - Reading the Riots Human error eg Boston Bombings 5. Met Police 5 Days inAugust (2012) Police unequipped to deal withSOCMINT HMIC Rules of Engagement(2011) searching the British Library for apage in a book, without an index to refer to -> Police want stronger capabilities Real time analytics 6. Do public social media posts raise any expectations of privacy? What Planet is this individual on? Her Tweets are Public domain. Gillespie (2009) (UK) no. Cf Bartow (2011) (US) Facebook is a giantsurveillance tool, no warrant required, which the government can use..with almost no practical constraints from existing laws Data protection law exemptions (UK) for detection & preventionof crime; no need for consent, no subject access rights ECHR art 8? Von Hannover ECtHR (2004) influential in UK privacy law after HRA1998 cfWood v Metropolitan Police (2008) (UK) Result clearly some expectation of privacy in public; interferencemust be necessary, proportionate and according to law; but howmuch? & how balanced against other values eg security? How much is this recognised in UK RIPA 2000 ? 7. Eric King, PI: SOCMINT simply did not exist when RIPA 2000 wasconceived and it is hard to simply slot into the existing categoriesand typologies established by RIPA No officialACPO guidance or Code of Practice Demos (Bartlettand Miller) 2013 report. Envisaged digital scheme in RIPA : Pt 1 Ch 1 covers real timeinterception of emails, warrant from Sec of State needed ; Ch 2access to records of communications (=meta) data grantedautomatically in most cases. Analog world scheme in Pt 2 RIPA Directed covert surveillance eg secretly following suspect Covert human intelligence source (CHIS) -eg befriending someone underfalse ID to acquire info Both require authorisation of senior officer but not warrant of S of S How if at all does SOCMINT fit in? 8. Demos 2013 assert SOCMINT collection needs noauthorisation of any kind UNLESS: Fake profile or deception (anonymous lurking?) used to obtain access -> CHIS or Directed Surveillance may apply Where a detailed profile is made of named individual, even fromopen sources -> Directed Surveillance? (OFloinn & Ormerod, 2011) Cf Rotaru v Romania ECtHR (2000) public information can fall within thescope of private life where it is systematically collected and stored in files heldby the authorities Cf Stasi surveillance in former GDR Wood v Metropolitan (para 27-28) Back door collection of protected SOCMINT data might fallwithin RIPA Pt1 Ch 1, interception but fits very badly indeed Public profiles? Argued no expectation of privacy so long asuser knew from T&C that public data might be collected , espvia API 9. Q1. Can it be assumed everything done in public is public? No : Material about A is exposed by B; Users often cannot protect traffic or meta data or friends list; Consent to T and C does not remove any expectation of privacy online standard term contracts are rarely read or understood, market for competition on privacy has not evolved in networkeffects industries Giving up soc media is impossible for many groups boyd (2014) young adults/kids choose social media as networkedpublics (un F-locked) without giving up expectations of privacy Cannot anticipate invisible audiences, collapsed contexts andpersistent content (how true of all users?)Q2. Is SOCMINT valuable as evidence? Acontextual (eg Twitter rape usage cf Nissenbaum) ; subject todisinhibition effect and social steganography? 10. ECtHR case law has seen structureddossiers maintained over time as keythreat Rotaru v Romania dictumpublic information can fall withinthe scope of private life where it issystematically collected and stored infiles held by the authorities-> Qu 3: Does the Rotaru distinctionbetween structured data in files held bypolice, and unstructured data hold up inthe age of Google and data-mining?Google Spain (ECJ) 2014? ->processing of personaldata.. carried out by .. asearch engine is liable toaffect significantly thefundamental rights toprivacy .. the list of results[is] a structured overview ofthe information relating tothat individual that can befound on the internet information whichpotentially concerns a vastnumber of aspects of hisprivate life and which,without the search engine,could not have been inter-connectedor could havebeen only with greatdifficulty and thereby toestablish a more or lessdetailed profile of him. 11. Are we writing a blank cheque for massPanoptic surveillance by treatingSOCMINT as public & free ofrestrictions The new Stasi? Cheaper, better! What rules should guarantee ourexpectations of privacy re publicOSINT and SOCMINT? Code solutions Snapchat,WhatsApp? Deceptive, illusory? Ethics for big datacollectors/intermediaries the future? 12. Thanks for ListeningQuestions?Contact Details:- lilian.edwards@strath.ac.uk -@lilianedwards- lachlan.urquhart@nottingham.ac.uk -@mooseabyte