Co-funded by the Horizon 2020 Framework Programme of the
European Union
Ethics	and	Legal	Issues	Inventory:		
Positive	and	...
PLEASE	 NOTE	 THAT	 THIS	 REPORT	 IS	 A	 FINAL	 DRAFT	 AND	 IS	 AWAITING	 FINAL	
ACCEPTANCE	BY	THE	EUROPEAN	COMMISSION.		
...
Contents	
Executive	Summary	.................................................................................................
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 i	
Executiv...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 ii	
authori...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 1	
1. Intro...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 2	
1.3 Deli...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 3	
offer	 a...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 4	
protecte...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 5	
2. Legal...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 6	
In	line	...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 7	
their	 i...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 8	
Data	con...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 9	
The	Righ...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 10	
Other	f...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 11	
(which	...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 12	
Crowdso...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 13	
proport...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 14	
Netherl...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 15	
of	indi...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 16	
unless	...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 17	
3. Ethi...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 18	
relates...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 19	
predict...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 20	
associa...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 21	
form	 v...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 22	
A	relat...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 23	
hacking...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 24	
Digilan...
MEDI@4SEC		
The	Emerging	Role	of	New	Social	Media	in	Enhancing	Public	Security	
Grant	Agreement	no	700281	
	
	 25	
attempt...
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Ethics and legal issues inventory on social media
Nächste SlideShare
Wird geladen in …5
×

Ethics and legal issues inventory on social media

217 Aufrufe

Veröffentlicht am

Positive and Negative Impacts of Social Media Adoption Across the Public Security Community

Veröffentlicht in: Soziale Medien
0 Kommentare
0 Gefällt mir
Statistik
Notizen
  • Als Erste(r) kommentieren

  • Gehören Sie zu den Ersten, denen das gefällt!

Keine Downloads
Aufrufe
Aufrufe insgesamt
217
Auf SlideShare
0
Aus Einbettungen
0
Anzahl an Einbettungen
92
Aktionen
Geteilt
0
Downloads
3
Kommentare
0
Gefällt mir
0
Einbettungen 0
Keine Einbettungen

Keine Notizen für die Folie

Ethics and legal issues inventory on social media

  1. 1. Co-funded by the Horizon 2020 Framework Programme of the European Union Ethics and Legal Issues Inventory: Positive and Negative Societal Impacts of the Adoption of Social Media Across the Public Security Community Deliverable 1.3 Authors: University of Warwick & TNO
  2. 2. PLEASE NOTE THAT THIS REPORT IS A FINAL DRAFT AND IS AWAITING FINAL ACCEPTANCE BY THE EUROPEAN COMMISSION. When citing please use: MEDIA4SEC (2016) Ethics and Legal Issues Inventory Report Authors: Kat Hadjimatheou (University of Warwick), Arnold Roosendaal and Petra Vermeulen (TNO) Cover illustration courtesy of TNO. The research leading to these results has received funding from the European Union’s Horizon 2020 Research and Innovation Programme, under Grant Agreement no 700281.
  3. 3. Contents Executive Summary ............................................................................................................................................ i 1. Introduction ................................................................................................................................................ 1 1.1 MEDI@4SEC ........................................................................................................................................ 1 1.2 Work Package [INSERT No.] ......................................................................................................... 1 1.3 Deliverable 1.3 (D1.3) ..................................................................................................................... 2 2. Legal and ethical concerns with police and local authority uses of social media ......... 5 2.1 Key legal and ethical issues ........................................................................................................... 3 2.2 Legal Concerns ................................................................................................................................... 5 2.3 Ethical Issues ..................................................................................................................................... 11 3. Ethically risky, anti-social and illegal uses of social media by citizens and ethical and legal issues arising in connection with public security responses ............................................. 17 3.1 Trolling ................................................................................................................................................ 17 3.2 Grooming ............................................................................................................................................ 18 3.3 Organising risky events/protests/riots ................................................................................ 19 3.4 DIY policing via social media security platforms .............................................................. 20 3.5 Vigilantism, digilantism and hacktivism ............................................................................... 22 3.6 Activity on the Dark Web ............................................................................................................. 24 4. Ethical and Legal Issues by Workshop Theme ........................................................................... 26 4.1 DIY policing ........................................................................................................................................ 26 4.2 Riots and mass gatherings ........................................................................................................... 26 4.3 Everyday policing ............................................................................................................................ 27 4.4 The dark web .................................................................................................................................... 27 4.5 Trolling ................................................................................................................................................ 27 4.6 Innovative market solutions ...................................................................................................... 28 Bibliography ....................................................................................................................................................... 29
  4. 4. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 i Executive Summary Social Media have changed our lives. The platforms can facilitate communication, interaction, and participation on an unprecedented scale. They help public security providers to engage with the public to increase legitimacy and trust and to deliver security more effectively and efficiently. However, not all that glitters is gold. Social Media is also the catalyst and conduit for abusive communication, for the grooming of children for sexual exploitation, for terrorist recruitment, and for a range of other unethical and illegal activities. Anonymity and encryption help some criminals act with impunity. And, though everyone agrees that police should take measures to detect, prevent and prosecute such behaviour, such measures are often controversial, risking disproportionate interference with freedom of expression or privacy, or the unwarranted visitation of suspicion on innocent individuals or groups. This report provides an inventory of key ethical and legal issues arising in connection with the use of social media in a public security context. These issues will inform discussion between public security experts and stakeholders at a series of forthcoming workshops, which will in turn inform a final MEDI@4SEC ethics and legal issues report to be published in 2018. The issues identified in this report reflect ethical and legal concerns with police and local authority uses of social media; with ethically risky, anti- social and illegal uses of social media by citizens; and with public security responses to those uses. The frame of reference of this report is self-consciously European, e.g. it is grounded in ethical and legal norms of democracy, including in particular accountability, transparency, fairness and duties of special care for the vulnerable in the application of criminal justice, and proper respect for civil liberties. Issues identified are discussed with a view not only to the duties and functions of public security providers such as police and local authorities but also to the potential role of technology developers and social media providers. Legal issues arising in connection with police use of social media fall into 3 categories: the position or role of public security agents, not only as enforcers of the law but also as data controllers; the fundamental rights of the citizens; and the involvement of citizens in the provision of public security. Ethical issues include in particular risks of disproportionate interference with the privacy of innocent individuals; risks of outright discrimination or unwarranted stigmatisation of individuals or groups as criminally suspicious as well as risks of discrimination; and unfair (because less easy or reliable) access of some vulnerable or disadvantaged groups to criminal justice or public security resulting from their relative lack of technology and/or technological skills. The rights of police officers to a private life and to freedom of expression on social media are also considered. The involvement of citizens in the provision of public security and criminal justice raises significant concerns both from a legal and an ethical perspective. These relate primarily to the difficulty of ensuring transparency, accountability and non-discrimination in the delivery of public security when functions are carried out by citizens driven by their own interpretations of the law and morality and without democratically legitimised
  5. 5. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 ii authority. These concerns are likely to persist and indeed grow as it becomes apparent that police and other formal public security providers are unable for a range of reasons to deal with the proliferation of illegal and unethical behaviour online. Key challenges and risks for public security providers in responding to such behaviour, including on the Dark Web, include distinguishing between illegal and merely offensive or otherwise unethical behaviour, and determining the line between justified covert interactions with criminals and unjustified entrapment. The report closes by listing key questions identified during the discussion under each the following 6 workshop themes: DIY policing; Riots and mass gatherings; Everyday security; the dark web; Trolling; Innovative market solutions. This will focus discussion during the workshops and avoid overlap between the 6 Ethics and Legal Issues reports to come.
  6. 6. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 1 1. Introduction 1.1 MEDI@4SEC MEDI@4SEC focuses upon enhancing understanding of the opportunities, challenges and ethical consideration of social media use for public security: the good, the bad and the ugly. The good comprises using social media for problem solving, fighting crime, decreasing fear of crime and increasing the quality of life. The bad is the increase of digitised criminality and terrorism with new phenomena emerging through the use of social media. The ugly comprises the grey areas where trolling, cyberbullying, threats, or live video-sharing of tactical security operations are phenomena to deal with during incidents. Making use of the possibilities that social media offer, including smart ‘work- arounds’ is key, while respecting privacy, legislation, and ethics. This changing situation raises a series of challenges and possibilities for public security planners. MEDI@4SEC will explore this through a series of communication and dissemination activities that engage extensively with a range of end-users to better understand the usage of social media for security activities. MEDI@4SEC will seek a better understanding of how social media can, and how social media cannot be used for public security purposes and highlight ethical, legal and data-protection-related issues and implications. Activities centre around six relevant themes: DIY Policing; Everyday security; Riots and mass gatherings: The dark web; Trolling; and Innovative market solutions. MEDI@4SEC will feed into, support and influence changes in policy-making and policy implementation in public security that can be used by end-users to improve their decision making. By structuring our understanding of the impact of social media on public security approaches in a user-friendly way MEDI@4SEC will provide an evidence-base and roadmap for better policymaking including: best practice reports; a catalogue of social media technologies; recommendations for EU standards; future training options; and, ethical awareness raising. 1.2 Work Package 1 The role of Work Package 1 (WP1) is to link the project activities and outcomes to the existing body of knowledge through a series of stocktaking and inventories on the influence of social media on public security planning and the potential threats and challenges this uptake brings about. In this project, social media are defined as “a group of internet based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of User Generated Content” (Kaplan & Haenlein 2010: 61). Social media that we predominantly focus on are the more widely used social media apps, notably Facebook, Twitter, WhatsApp, Youtube, and Instagram, but also (new) emerging social media that are widely adopted and that we come across. Online chat groups, fora and market places our not our key focus, but will be touched upon where relevant.
  7. 7. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 2 1.3 Deliverable 1.3 (D1.3) D1.3 provides an inventory of key ethical and legal issues arising in connection with the use of social media in a public security context. The issues are drawn from and identified by reviewing the results of a literature review encompassing academic research, policy documents, private sector reports and the outputs of other research projects.1 More specifically, it focuses on the current state of the art of social media use and impact in relation to: 1. Ethical and legal concerns with police and municipal authority uses of social media 2. Ethically risky, anti-social and illegal uses of social media by citizens and ethical and legal issues arising in connection with public security responses The issues will be drawn upon to inform discussion at the six forthcoming MEDI@4SEC project workshops (Tasks 2.4 and 4.4, described below). A list of questions for discussion in each of the 6 thematic workshops is presented in Section 4 below. The discussion in those workshops will inform 6 discreet Ethics and Legal Issues Reports (organised under work package 4). These individual reports will then be synthesized into a final report identifying overarching themes and research questions for the future and a set of guiding principles and policy recommendations for public security planners using social media. 1.3.1 Ethics and law The ethics and legal issues summarized here are distinct but related. Ethics relates to the reasons we have for thinking something is the right or wrong thing to do. Law relates to the rules a society has in place with which which people can be coerced legitimately by the state into complying. Some ethical issues are reflected in the law, but ethics is broader than law. While illegal behaviour is typically also unethical, much unethical behaviour is not regulated by the law. For example, ethics tells us that breaking a promise is nearly always wrongful, even if it is sometimes justified overall given the costs of keeping it in the particular circumstances. Thus, ethical considerations always come into play when promise-making and promise-breaking are concerned. In contrast, legal considerations only arise when the promises in question fall within the narrower set that are legally enforceable, say in the form of contracts. Ethics is thus broader than the law, providing perspectives from which to criticize the law and argue for its reform. To say that something is legally permissible is to say that it can be done without legal consequence. Thus legal analysis can tell us what the law requires and so what we need to do if we want to avoid being prosecuted, sued, and so on. Ethics cannot do this. But because the law usually reflects some minimum threshold of acceptability, the fact that something is lawful does not by itself demonstrate that it is desirable- let alone morally laudable or an example of best practice. Ethics can offer guidance as to what we are permitted to do, encouraged to do and required to do, morally speaking. Thus it can 1 A description of the methodology of that review can be found in D.1.1.
  8. 8. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 3 offer advice about what kinds of things public security providers and technology developers should do if they want their actions to be both legal and examples of best practice. Many police codes of ethics and codes of conduct include both minimum standards of behaviour and more aspirational principles. In practice, there is significant crossover between ethics and the law. For example, Privacy by Design (an approach to projects, including technology design, that promotes privacy and data protection compliance from the start) is an approach that began as best practice but is now being incorporated into EU Data Protection law.2 And ethics can have a key role to play in informing the law when, as is so often the case, the latter lags behind technological development. A crossover between ethics and law also arises when both sets of principles, rules or norms share common roots. The legal issues raised in this report are grounded in and make reference to international, EU, and domestic legal instruments. The ethical issues are grounded in the values of liberal democratic political theory, including in particular equal treatment, fairness, autonomy and liberty.3 Because the legal instruments referred to in this report are those of progressive liberal democracies, the legal and ethical concerns described below are closely related and sometimes overlap. For this reason we have presented the legal and ethical issues together in Section 3. Sometimes the values underpinning ethics and the law conflict, and ethical and legal debates are often concerned with finding the best way to reconcile conflicting duties and obligations. Within liberal democratic societies the question of which rights, rules and requirements these values give rise to is also often subject to debate. Finally, the interpretation of the role and status of the police and the nature and source of their authority varies significantly between liberal democratic countries. As this suggests, shared roots and basic commitments do not preclude dilemmas and disagreements within both ethics and the law. 1.3.2 Key legal and ethical issues A key issue facing law is that the online forms of certain behaviour are not always straightforwardly criminal acts, because of the lack of a physical impact to victims. A result is that, even if the online behaviour is criminalized, the information with which Law Enforcement Agencies (LEAs) have to deal or act upon is sometimes difficult to classify in a legal status. If information classifies as police information, other legal requirements and safeguards are at stake when it concerns ordinary information. The status may depend on whether the LEA has access to the information based on participation on social media and accessing publicly available sources, or whether access is obtained in the course of a criminal investigation, based on specific competences of the authority at stake. Another legal issue relates to the conflict that may arise between different fundamental rights. For instance, online harassment or planning of mass gatherings may seem to be 2 See http://ec.europa.eu/justice/data-protection/reform/index_en.htm 3 Seminal philosophers in this field include: John Locke; Immanuel Kant; John Rawls; Ronald Dworkin; J.S. Mill.
  9. 9. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 4 protected under the freedom of speech and freedom of assembly, while conflicting with fundamental rights of others, such as victims of harassment. Public security may be at stake in the case of mass gatherings. Although these conflicts are not entirely new, the translation to online contexts may result in much bigger impacts, because of the opportunities to reach many more people at once. A key issue facing ethics relates to which kinds of behaviour online should be criminalised, especially given the liberal democratic commitment to freedom of expression. Another is the extent to which anonymity and encryption should be permitted or even encouraged, given that both are routinely used to shield unethical and illegal behaviour online. Debates about the value of the internet and the dark web in particular as a libertarian space are relevant here (see D.1.1). A key ethical issue facing public security planners is on what terms to establish and manage relationships and collaboration with DIY policing groups and vigilante groups. On the one hand, some of these groups can potentially (and in fact do) make an important contribution to important public security aims. On the other, some DIY policing groups and all vigilante groups in particular tend to be un-transparent and unaccountable and to employ sometimes risky methods in ways that make it difficult to accommodate them within formal public security provision in a democracy. Community policing initiatives that are co-produced with public security agencies and adhere to specific modes of operation enjoy greater legitimacy and can complement rather than undermine or weaken formal measures and institutions of security. A related issue facing public security planners is how appropriate it is to rely on the criminal justice system to deal with criminal or anti-social behaviour online. Sometimes, unethical and even illegal behaviour on social media may be discouraged or prevented most effectively via means other than the enforcement of the law, such as education, peer pressure, or non-criminal sanctions such as having one’s social media profile deleted or blocked by the provider of the site. These means have the added benefit of diverting people from wrongful behaviour without necessarily criminalizing them. Also discussed are more well-trodden areas of ethical concern, such as the potential privacy implications and the potential chilling effect of police monitoring of online communications.
  10. 10. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 5 2. Legal and ethical concerns with police and local authority uses of social media 2.1 Legal Concerns The Medi@4Sec project is a European project and therefore our focus is on the EU. The aim here is not to give a complete analysis for each EU Member State, including laws and specific authorities involved, but rather to sketch the main characteristics which apply overall at the EU level, and to indicate where national differences may require specific attention. In accordance with this brief, the starting point for legal documents is at the EU level. So, taking into account future readiness of the project, for instance, the General Data Protection Regulation (GDPR) is a main source of reference. At some points, reference will be made to case law from either the ECJ or the ECtHR. When social media are used for public security purposes, several legal issues may arise. Essentially, there are two categories of legal issues that can be distinguished. The first category concerns issues related to the position or role of law enforcement agencies and other public entities involved when they make use of social media. Key questions relate to what is allowed in this respect, how the information shared or collected is legally qualified, and who is responsible for actions or has the right legal position to perform a specific action. The second category relates to issues that concern the rights of the citizens. For instance, legitimate expectations of citizens when using social media can be an aspect, but also several (fundamental) rights of citizens, such as the right to privacy and data protection, freedom of expression, and the freedom of association. These rights are supposed to be free from interference of state actors, such as the police or other law enforcement agencies. Both categories will be elaborated upon below first. Then, a third category of issues will be briefly discussed, which is the involvement of citizens in public security by means of social media. 2.1.1 Scope of legitimate use of social media data by police officers The first category of issues starts from the role or function of the professional involved. For instance, police officers are entitled to process information as part of their professional duties. Obviously, in order to maintain public security, they need to collect information, analyse it, and act according to what is needed in a specific situation. Similar needs occur in online situations. In particular, social media is used for social purposes, but also for criminal activities or types of behaviour that undermine public security. For determining the legal scope and basis of actions to be performed, it is necessary to distinguish the type of activity at stake. Basically, law enforcement agencies do have different rights in the context of general surveillance as opposed to the context of criminal investigations. In the context of criminal investigations, more competences apply to be used. For instance, monitoring behaviour of suspects, or registering what they do by means of cameras or tapping, are competences that cannot be used in the course of general surveillance, but require a more or less specific suspect and often permission from a public prosecutor.
  11. 11. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 6 In line with the above, information that is processed by police qualifies as police data. This implies that the data fall under retention terms as specified in national laws on police data. Besides, the data may be of specific kinds. For instance, criminal data are qualified as a special category of personal data and may only be processed under supervision of the public authorities.4 For the police, exceptions apply, and they are allowed to process these data as part of their professional work. For this kind of data specific laws usually apply, but the GDPR gives general indications in Article 10 by referring to data on criminal acts or convictions, or registers of criminal convictions. Differences in these laws may occur between countries, since police and law enforcement is primarily a national task and competence of EU member states. For instance, in Spain the competences of law enforcement agencies (LEAs) are regulated in a single law, while in Germany there is a distinction made between LEAs and public order offices, with diverging competences.5 To what extent a common ground is available is a key question in this respect. An extensive overview of national legal frameworks for policing is made in the EU INSPEC2T project (Deliverable 2.2, forthcoming). In WP4 of this Medi@4Sec project, issues related to national differences and legal qualifications will be further discussed as well, based on the expert views to be collected during the workshops. An issue that is still under debate is whether police should be allowed to hack into computers to obtain information. Sometimes, the option is posed to have an obligation to include backdoors in software to allow LEAs to access systems. Other options concern the exploitation of zero-day security vulnerabilities. Bottom line, however, is whether this hacking by the police should be considered lawful or not. On the other hand. Problems arise where the police is allowed to hack a computer, but lacks the technological ability to do so (Hennessey 2016). The option of backdoors is highly criticized, because this implies a general vulnerability in the security of systems to be maintained. And, obviously, not only the police will be able to exploit weaknesses. 2.1.2 Infringements on the rights of citizens Fundamental rights aim to protect citizens (individuals) in their dignity because they are human. Starting with the Declaration on Human Rights (1948), these fundamental rights form the international overarching framework against which laws and actions of state actors have to be interpreted. Limitations in laws often refer to one or more fundamental rights. Moreover, in many countries a national constitution reinforces these fundamental rights. Social media form a valuable source of information for law enforcement agencies. The information density is often high and much of the information shared by individuals on 4 Article 10 GDPR. 5 See also INSPEC2T project, Deliverable 2.2 (forthcoming), which states that “Public security within the national boundaries of the Member States is a largely decentralized competence in the EU. The management of both defence and internal security are key symbols of a country’s sovereignty, which accounts for a strong reticence to transfer these competences to higher administrative levels.”(p. 55).
  12. 12. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 7 their individual profiles is accurate. Besides, real-time activity and interests can be monitored. This brings privacy and data protection issues to the fore. The right to privacy has no clear definition. However, main aspects are usually related to either the freedom from interference in personal or family life, or to the freedom to decide what information to share and with whom (control). A common framework for testing the legitimacy of a limitation of privacy is the reasonable expectation of privacy. In a public space, individuals will not have the same expectations as within their home environment. In legal terms, fundamental rights case law points out that for the interference with a fundamental right several aspects have to be met. The interference has to be based on law, it has to be necessary in a democratic society, and it has to be proportionate in relation to the goal of the interference. In addition, several general principles apply when personal data is processed. These principles include, e.g., the need for legitimate purposes, data minimisation, rights of data subjects, information duties. These principles are based on the OECD principles, which is a list of general data protection principles as outlined by the OECD in 1980 and revised in 2013. How these principles apply in the context of social media use for public security purposes will be discussed in more detail below. For the types of activities on which this project focuses, a proper analysis has to be made of what information may be processed and under what circumstances. Legitimate purposes (including weighing proportionality and subsidiarity) First, there has to be a legitimate purpose for the processing of personal data. Any action with regard to personal data is considered a form of processing. The use of social media to spread information, thus, has to be based on such a legitimate purpose if personal data are communicated. This can, for instance, be the case when information about a criminal subject is shared via social media in the context of solving a crime. But also looking at social media to find things such as illegal content or to look for unlawful behavior is a form of processing. Quite a lot of these activities are allowed, but there has to be made a clear consideration of the legitimate purposes at stake. In this consideration, also proportionality and subsidiarity need to be taken into account. Proportionality means that the infringement on the privacy or other fundamental right of the (data) subject needs to be in proportion to the goal of the infringement. Subsidiarity means that there is no less infringing way of reaching the same goal. Rights of data subjects and obligations of data controllers/processors Data subjects, which are the persons about whom personal data is processed, have several rights under the current Data Protection Directive (95/46/EC) and under the General Data Protection Regulation (GDPR), which is going to be the successor of this Directive. They have the right to be informed about their data being processed (Article 14 GDPR). If personal data is processed, data subjects have the right to access (Article 15 GDPR), rectification (Article 16 GDPR), erasure (also known as Right to be Forgotten, Article 17 GDPR), and, under certain conditions, restriction of the processing (Article 18 GDPR).
  13. 13. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 8 Data controllers6, which determine the purposes for which and the manner in which any personal data is/will be processed, have the obligation to inform data subjects on this beforehand.7 The information should include the legitimate purpose of the processing, what data are processed, and who is responsible for the processing, the identity and contact details of the controller, the period for which the personal data will be stored, and an indication of the rights of the data subject concerning access etc. (Article 13 GDPR). In light of certain activities of law enforcement agencies, exceptions to these information duties may apply. In certain cases it is impossible to inform a data subject beforehand while remaining able to perform a task related to law enforcement. In these cases, information may be given afterwards, or in specific cases there is no obligation at all. When these exceptions may apply, has to be examined properly. The legal status of information is important to be determined and can depend on the type of activity of a law enforcement agency at stake. Basically, exceptions to legal requirements may apply if data is used, e.g., for criminal investigations purposes. Information duties may not be applicable if it is not reasonably possible to inform data subjects of their data being processed (Article 14(5)b GDPR). Obviously, one does not want to inform criminal suspects about investigations going on against them. In these cases, information may be given afterwards. When personal data are processed, there are requirements on the security of the processing. The entity responsible for the processing has to take adequate technical and organisational measures to protect the data from being leaked or otherwise illegitimately accessed, tampered with, or deleted (Article 32 GDPR). This requires that organisations have a proper policy on the data processing in place and make use of state of the art technical measures, such as encryption of the data. This aspect has specific attention with an eye on data breach notifications. If data are leaked, there is an obligation to report this to the data protection authorities and, depending on the circumstances and (potential) impact, to notify the data subjects whose data is being breached. The GDPR includes a general requirement (Article 33 GDPR), but several EU member states already have their own data breach notifications laws in place. In any case, both have to be respected. In general, for privacy and data protection issues, it is important to keep in mind that the GDPR has been adopted and will be enforceable as of May 2018. This Regulation is the successor of the Data Protection Directive 95/46/EC. In the Regulation some additional requirements for personal data processing are presented. In the context of this research, two of these are the most relevant. These are the Right to be Forgotten and Privacy by Design. 6 The duties for data controllers apply to data processors as well. Usually, this is arranged under the responsibility of the data controller in a data processing agreement. In the GDPR, data processors are attributed more responsibility to apply with data protection duties directly. 7 A number of other requirements apply as well, such as fair, lawful and transparent processing, data protection by design, maintaining records of processing activities, etc. However, these duties do not bring issues specifically for the scope of this project. A broad discussion is therefore not included here. Nevertheless, these issues may appear more relevant during the workshops and can be discussed accordingly.
  14. 14. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 9 The Right to be Forgotten (RtbF) is newly introduced in the GDPR (Article 17). The right adds to the currently existing right to have personal data deleted if these are inaccurate or no longer relevant for the purposes for which they are collected or otherwise processed. However, the RtbF essentially can concern all personal data. The rationale behind this right is that one needs to be able to start with a clean slate, or at least to have personal data removed which is processed without the data subject’s consent. If there are no legitimate grounds to maintain personal data, deletion has to be facilitated or done by the data controller or data processor, which is responsible for the data processing. In particular, the impact of social media is seen as a driver for the introduction of this specific right. On social media, lots of information is shared and there is only limited control for data subjects to remove data or disable connections between the data and natural persons. The RtbF may in some cases be a ground for having data removed next to, for instance, criminal law grounds. Think, for example of data concerning individuals in the context of online harassment. Finally, Privacy by Design (PbD) is a very prominent requirement under the GDPR (Article 25) for legitimate data processing. PbD means that systems and data processing activities have to be designed and arranged in such a manner that privacy is safeguarded where possible. More specifically, in the GDPR the term data protection by design and by default is used, because it concerns personal data processing activities. If tools or systems are developed to support the use of social media for public security purposes, or to look for unlawful activities on social media, these systems, thus, have to be developed taking into account the PbD requirement. PbD certification has since 2015 been offered via a partnership between Deloitte and the Big Data Institute at Ryerson University in Canada.8 In the context of processing of personal data for public security purposes, next to the general data protection laws, Council Framework Decision 2008/977/JHA on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters (DPFD) is relevant. This framework decision provides for the protection of personal data processed in the framework of police and judicial cooperation in order to prevent, investigate, detect or prosecute a criminal offence or execute a criminal penalty. The aim of the DPFD is to protect the fundamental rights and freedoms of natural persons when their personal data is processed for purposes in the context of public security; it covers protection of personal data that is processed in part or entirely by automatic means as well as personal data forming part of a filing system and processed by non-automatic means. The Framework Decision contains a number of rights and principles to protect the personal data of citizens in the case of criminal investigations. 8 The concept of Privacy by Design was developed by Canada’s first Privacy Commissioner Ann Cavoukian. Information about the certification can be found here: http://www.ryerson.ca/pbdi/privacy-by-design/certification/
  15. 15. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 10 Other fundamental rights at stake Next to privacy and data protection, several other fundamental rights can be at stake. To what extent law enforcement agencies are allowed to infringe upon the rights of individuals, also depends on the type of activities at stake. Freedom of opinion and expression and freedom of association, both defined in the Universal Declaration of Human Rights (UDHR), can form the basis for actions of individuals or groups of citizens. Freedom of association (UDHR, Article 20) implies that groups may be formed who share information and collectively undertake activities. Sometimes, these activities can have a criminal or otherwise unlawful character. In these cases, it becomes relevant to assess to what extent the group is responsible or only individuals within the group. And if the group as a whole is responsible for a certain type of illegal behavior, the fact that it is a group can also become a relevant factor with regard to potential sentencing. For instance, several criminal acts can be sentenced more severely when enacted in a group or as part of a criminal (or terrorist) organisation. This may become interesting, since the dissemination of racist or xenophobic materials via computer systems is determined to be made punishable by states under the Cybercrime Convention.9 Social media applications will qualify as computer systems in this respect, so the creation of online groups in which racist materials are shared or made public falls within the scope of this Convention. The freedom of opinion and expression (UDHR, Article 19) gives any individual “the freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers”. It can be used by individuals or groups to legitimize their behaviour and therewith limit the ways for law enforcement agencies to act. This is also the reason why hate speech or discrimination are often difficult to stop. Different fundamental rights clash and in essence there is no hierarchy between fundamental rights. All the circumstances of the specific case need to be taken into account to assess which of the rights should prevail. So, the right to freedom of opinion and expression has to be balanced against the right not to be discriminated (UDHR, Article 2). 2.1.3 Involvement of citizens The third main legal issue has a different starting point and concerns the involvement of citizens in public security in different forms of community policing. When citizens are involved, two legal issues come to the fore. The first is the extent to which citizens are allowed to engage in public security planning, in particular when it concerns investigating criminal behaviour or tracing criminals. Obviously, the signalling of criminal or suspicious behaviour towards the police is not problematic. However, the online context may allow for further going activity by citizens towards investigating crime or monitoring individual ‘suspects’. This kind of activity blurs with the exclusive competences of the police. Although it does not include violence or the use of force 9 Additional Protocol to the Convention on Cybercrime, concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems, Article 3(1).
  16. 16. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 11 (which is the sole competence of the police), it may interfere with the rights of citizens. Safeguards related to the professional work of the police may not be present in these cases however. The second issue is the risk of citizens taking the law into their own hands. Like the issue above, a major point of attention here is the lack of safeguards. Moreover, there is a risk of citizens who take action in order to fight crime turning towards anti-social behaviour themselves. This behaviour can be a form of privacy infringement when specific people are closely monitored on their online activities, but it may also turn towards forms of online harassment or naming and shaming practices. 2.2 Ethical Issues Concerns under this category are described in relation to each of the 6 public security tasks defined in D1.1 (pp.7-13). The personal use of social media by police officers is also considered, as it raises ethical issues for LEAs. 2.2.1 Communication and engagement with the public Police increasingly use social media as a means of improving and maintaining good public relations. Because the perceived legitimacy of police has a direct impact upon the willingness of members of the public to cooperate with them, efforts to increase perceived legitimacy are themselves legitimate activities of a police force. However, as is also discussed below (in Section 2.2.5), the primary aim of policing is to enforce the criminal law. Good public relations are a positive side-effect of fair and effective policing, but should not become an end in themselves for police; neither should efforts to improve public relations divert resources significantly from the reduction or prevention of crime. One question that arises is: to what extent does the increasing adoption of social media for public relations involve a blurring of the role of police? Another is: might efforts to maintain good relationships with community groups run the risk of establishing relationships that are too close? Close and trusting relationships between police and communities are precious resources for law enforcement. Yet they become too close if such groups request and become privy to operational information that should be subject to restrictions. 2.2.2 Emergency response and crisis management Emergencies and crises involve typically serious threats to people’s livelihoods and/or lives. In such circumstances, restrictions to freedom of movement and association, as well as intrusions into privacy and the relaxation of data protection rules (for example, to allow police and medical services to share information), are often justified ethically, and may even be morally required. Social groups differ in the extent to which they are proficient and comfortable using social media. Police have a duty to prioritise helping the most vulnerable. When the most vulnerable are also those who are less likely to use social media to request help, police and other emergency services should ensure they do not rely excessively on social media and other technological solutions but have alternative means to reach such individuals.
  17. 17. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 12 Crowdsourcing information in an emergency can be very useful to emergency response (by, for example, assisting the coordination of aid), and raises few ethical issues in itself (Meier, 2015). However, as the crowdsourced misidentification of suspects in the Boston Marathon bombings in 2013 illustrates, the verification and spread of misinformation can result in unwarranted suspicion being visited on innocent people (Project ATHENA WP3_D3, 2014). Even when information is correct, its widespread sharing on social media can increase public awareness of accusations and, in consequence, the risk of unfair trials (Milivojevic, et al., 2014). 2.2.3 Surveillance Predictive policing applications typically involve many more kinds of data than merely what is found on social media sites.10 For example, the original and most well-known such programme, called PredPol and developed in the USA, draws on a range of data sources including mapping, meteorology, crime statistics, and police databases to try to predict where and when certain kinds of crimes will occur.11 Intriguingly, some predictive policing programmes model criminal behaviour on seismological patterns, while others explore the potential of foraging behaviour as a model for burglary and theft.12 Social media data is routinely incorporated into predictive policing applications. It can potentially be used usefully to analyse the relationship between online and offline behaviour, especially around hate crimes, and thus it presents an opportunity to intervene to take disruptive or preventive measures. For example, visible spikes in online hostility may both present a response to a hate crime but also foreshadow anti- social or criminal reactions to that crime offline. In times of social unrest when certain ethnic groups become particularly vulnerable to hate crimes, police should consider using social media surveillance more aggressively to protect them. Predictive policing also carries potential risks. Profiles may be applied via social network analysis on social media, and these may ‘finger’ individuals in ways that result in unreasonable interferences with innocent people (Joh, 2012: 47). If a programme involves machine-learning about which ethnic or racial groups to target in an area in which disproportionate attention (e.g. via stops and searches) is paid by police to minority groups, then this disproportionality may be perpetuated and even magnified as it appears to justify ever more intense scrutiny of those groups. This risk, known as the ‘ratchet effect’ arises in relation to ethnic or racial profiling in general (Harcourt, 2008, Ch.5). Police and technology developers should consider ways in which people wrongly identified as risky or criminal can be spared repeated such identifications in the future. If surveillance of social media communications is used speculatively, to monitor behaviour in the absence of any defined investigatory or intelligence aim, its 10 Indeed big data analytics are being used in jurisdictions around the world, fusing information from sources as diverse as meteorology, seismology, real-time transport data, crime statistics, police databases and open-street surveillance. For recent examples from the UK see Europol’s 2015 report on ‘Big Data, IoT and the Cloud’. 11 The product’s website is at http://www.predpol.com/ 12 For a journalistic overview see Hvistendahl 2016 ‘Can Predictive Policing Prevent Crime as it Happens?’ Science Mag.
  18. 18. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 13 proportionality may be called into question. If surveillance captures the data of many more individuals than those suspected of crimes, the collateral interference with these individuals’ privacy should be considered. However, police collection of data is less intrusive than police viewing of data: if technology developers can design products that filter out, airbrush or scramble data of non-suspects, this may be one way of reducing interference. Concerns about collateral intrusion have been expressed in recent months about what appears to be the expansion in the covert use by UK police forces of IMSI technology, which impersonates mobile phone towers in order to harvest information from the phones of people within a certain radius.13 2.2.4 Criminal investigations As reported in D1.1, the UK police increasingly use social media (primarily Facebook and Twitter) for intelligence and investigation (The Police Foundation, 2014). Between 2007 and 2010 the number of UK crimes resolved using Facebook grew by 540%, and those resolved using Twitter grew similarly, in line with increases in public usership (Knibbs, 2013). Interpreting the intentions of people as expressed in their communications online is not always easy. High-profile mistakes by police that result in the criminalization of individuals for posting innocuous content14 can lead to a reduction of trust in the competence of police and, more worryingly, a chilling effect on people’s social media communications, if those using social media believe that their comments might be misinterpreted. There is therefore a risk of an inhibiting effect on freedom of expression, in addition to the obvious risk of criminalizing innocent individuals. However, it should be said that in liberal democratic societies the fear of trolling and public shaming online is likely to be the source of much more serious and chilling effect than any blunders of law enforcement. In some states the expression of political dissent, religious faith of certain kinds, or minority gender or sexual orientation is criminalized either officially or in practice. Here, the use by police of social media as evidence of such transgressions poses a serious risk to freedom of expression, association, and belief as well as to the right to a private life. Encryption of social media communications, as is the case for example on the TOR-enabled Dark Web, is easier to justify in such states than in liberal democratic ones. Some research suggests that most Dark Web communication in liberal democracies is illicit, which would support this view (Guitton, 2013). 2.2.5 Community policing Preventing crime is an important goal of policing. Community policing apps and programmes that enable citizens and police to co-create security can increase the rate of detection of crimes. For example, a Neighbourhood watch-style WhatsApp project in the 13 Pegg and Evans, “Controversial snooping technology 'used by at least seven police forces’” The Guardian Newspaper, 10th October, 2016. Retrieved 20-10-2016 via https://www.theguardian.com/world/2016/oct/10/controversial-phone-snooping-technology- imsi-catcher-seven-police-forces 14 As occurred in the UK in 2010 when a man was convicted of menacing threats for posting a comment on twitter about blowing up an airport that was an obvious joke: http://www.bbc.co.uk/news/uk-england-19009344
  19. 19. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 14 Netherlands town of Tilburg 15 involves the police cooperating with citizens on WhatsApp to exchange information and prevent burglaries (Akkermans, et al. 2015). This includes citizens in actively patrolling the streets to prevent crimes and burglaries (Lub, 2016), which have been highly successful not only in reducing the number of burglaries but also in making people feel safer (Land, et al, 2014). To what extent should police pursue the reduction of fear of crime as an end in itself? The primary role of police is to enforce the law and reduce crime, ie. to prevent people becoming the victims of crime and to pursue justice for them when they do. While we might expect an increased sense of security to result from increased protection from crime, this is not necessarily, not even typically the case. In the UK at least, it has been shown that, at the level of the community, fear of crime does not correlate to actual experience of or rates of crime.16 Though an increased sense of security is valuable (as the philosopher Cass Sunstein puts it: ‘the reduction of even baseless fear is a social good’)17 it should not be pursued at the expense of resources that could be spent increasing actual security from crime. Several analyses reveal that people who engage in social media exchanges with police have more confidence in the police as well as greater overall satisfaction with the police (Ruddell and Jones, 2013). Beyond these opportunities in policing efficiency and effectiveness, citizen interaction with police forces can have a positive effect on police legitimacy (Meijer, 2014). However, the co-creation of security (which, until now has been relatively unique to the Dutch context) carries risks. It blurs the boundaries between what can be considered DIY policing and regular policing. Citizens are not properly trained to act on behalf of other citizens, nor is it possible to hold them accountable for their actions (Meijer, 2014). In order to ensure clear lines of accountability, when setting up these platforms for interaction, the legitimate sphere of action of the police must be distinguished from that of citizens. As is discussed in more detail in the next section, citizen security groups may reflect the interests and, more worryingly, the preconceptions and prejudices of certain communities. For example, certain citizen groups may focus their attention disproportionately on perceived criminality of minority communities. When interacting with communities to co-produce security, police must ensure that their actions do not replicate the prejudices of community groups and treat people unfairly as a result. In order to ensure that security is co-produced fairly, they must take measures to verify intelligence and evidence. And they must take full responsibility for any criminalization 15 For an English-language journalistic overview, see Kidd ‘Burglard avoid areas with WhatsApp neighbourhood watch’. NL Times, 6th October 2015 at http://www.nltimes.nl/2015/10/06/burglars-avoid-areas-with-whatsapp-neighbourhood- watch/ 16 See a study for the government by the University of Sheffield, ‘Fear of Crime: How do perceptions relate to reality?’ 2005. Retrieved 20-10-2016 via http://extra.shu.ac.uk/ndc/downloads/reports/Fear%20of%20crime_perceptions%20relate%2 0to%20reality.pdf; also Wynne, 2008 ‘Fear of Crime’ in Internet Journal of Criminology. Retrieved at 20-10-2016 via http://www.internetjournalofcriminology.com/wynne%20- %20fear%20of%20crime.pdf. 17 Sunstein, 2003, p.132.
  20. 20. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 15 of individuals that might ensue. Cases in which neighbourhood watch and other kinds of DIY policing spill over into vigilantism are discussed in the following section. The concern has been expressed that “turning every citizen into would-be police officers poses the risk of decreasing trust among citizens (because both certain forms of vigilante-ism as well as DIY policing) reveals the limitations and inability of police forces to solve crimes themselves and thus threatens their legitimacy. Journalists covering successful DIY policing in their reports have been raising the question why police forces were not able to do what citizens managed to accomplish” (Halber, 2015). This may be correct, but in general reputational issues are outweighed by increases in effectiveness and efficiency; the goal of the police is first and foremost to enforce the law, the promotion of their own public image is only a goal insofar as it helps them achieve that primary goal. New tools enable the reporting by individuals of crime online and the submission of supporting evidence.18 It is unclear as yet whether the risk of false accusation on such tools is higher than it is with traditional reporting mechanisms. Where people are able to upload evidence, there should be mechanisms to distinguish reliable from unreliable evidence. Studies suggest citizen-provided content lacks context and can be unclear (Penterman, 2012). Different kinds of people use different kinds of technologies and applications. It is important that local authorities and police are aware of the demographics of those using different forms of social media for public security, otherwise they may reach inaccurate conclusions about the kind and rate of crime and other public security issues in an area. Worse, they may fail to register issues that impact on certain vulnerable or disadvantaged groups. To see how this might occur, we can refer to the example of Street Bump (www.streetbump.org), a Boston-based smartphone application that relied on citizen users to crowdsource information about potholes and direct road repair resources accordingly. Differential rates in smartphone ownership in rich and poor areas meant that potholes in areas frequented by relatively better off citizens were prioritised at the expense of those in poorer areas (Solon and Selbst, 2016). 2.2.6 Intelligence As discussed in D1.1, the police have to “assess the value and accuracy of any intelligence obtained” online just as they do offline (p.22 D1.1). Identifying credible information from rumours and speculation is increasingly difficult (The Police Foundation, 2014). For this reason, some of the same risks around criminalizing innocent people discussed in 4) above also apply in the realm of intelligence-gathering, 18 Examples are described in D1.2: The Jamaica Constabulary Force (JCF) has created a crime- reporting website with features such as an instant chat, file uploads and discussion forums. Users can enter details of a crime that they have witnessed and upload any supporting evidence (Donaldson et al. 2013); The EU Trillion project has conceived a project platform for incident discovery, prediction, reporting and interaction, through which citizens can contribute to better urban security management by reporting crimes, suspicious behaviour and incidents by using existing social networks (Trillion project Brochure, 2015); True Vision, an online hate reporting tool launched by the UK’s Association of Chief Police Officers is a further example (Home Office, 2014) as is the UK’s Metropolitan Police’s Online Hate Crime Hub (Aug, 2016).
  21. 21. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 16 unless it is done secretly and is not exposed by leaks. Public attitudes towards data sovereignty and privacy (even on open platforms) are unpredictable, varied between different social (age, gender, education, class) groups, and in flux. Public trust and confidence in policing is affected by any gap between public expectations of policing online and the reality, when it is exposed. In addition, the public can only be said to consent to police gathering of intelligence online if they are aware of the kind of activities that might occur. There is a reputational risk if law enforcement agencies are seen to be ‘snooping’ online. Though reputational risks are not ethical issues as such, damage to the reputation of policing can generate serious and sustained damage to public trust and, by extension, the legitimacy of police (Bartlett et al., 2013).19 Inaccurate or incomplete information and the problematic inferences about people’s criminality that follow can result in disproportionate monitoring or even unfair criminalization. Monitoring for intelligence-gathering and monitoring for criminal investigation should be distinguished and regulated accordingly. An important question for technology developers and users is how tools can address risks of bias, such as in the patterns of language that it flags as suspicious. 2.2.7 Police personal use of social media There are tensions between the need to protect the reputation of public security institutions and the need to respect the right of individual officers to a private life. To what extent does their professional role as enforcers of the law legitimately limit what police officers should be doing on social media in their private lives? Unlike other state employees, police officers represent the law and wield unique power to enforce it on behalf of citizens. They are supposed to protect all citizens equally, without distinction. In order to maintain legitimate authority over citizens they must not only enforce the law fairly and proportionally but they must also be seen to do this. This means that care must be taken to avoid both unfair behaviour and behaviour that gives the impression of unfairness. For this reason, the public expression by police of overtly partisan political views, racism or other forms of prejudice are generally taken to be incompatible with a career in policing. More controversial are questions about whether police should be permitted to have body art, piercings, or wear visible signs of religious faith, and the extent to which they should be displaying such things in their social media profiles. Similarly controversial are questions about immature behaviour on social media. For example, very young police recruits in Greece have been disciplined for posing with their regulation weapons on their personal Facebook sites, because this shows a lack of due respect for the office they hold (Inspec2t D2.2: 114, forthcoming). Given these risks, the question arises whether police should be permitted to have public profiles on social media at all. 19 According with a survey among users of municipal police websites and social media in Canada, social media used in policing has relied on other forms to watch over the public but never so much content has been accessible in a single enclosure. Everyday actions in social media become online content and this content becomes evidence. Many individuals are aware, some refuse to upload content, some other refuse to become users (Trottier, 2012).
  22. 22. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 17 3. Ethically risky, anti-social and illegal uses of social media by citizens and ethical and legal issues arising in connection with public security responses Legal and ethical issues are considered side by side under common headings in this section. 3.1 Trolling Trolling can be usefully defined as the targeting of defamatory and antagonistic messages towards users of social media (Williams and Pearson, 2014:4).Trolling broadly understood includes: cyberbullying; cyberhate; cyberstalking; cyberharassment; revenge porn; sextortion; naming and shaming; and flaming. Cyberhate is trolling targeted towards those with minority status. The term ‘flaming’ is used by different actors to refer to different activities: some use it to refer to extremely provocative language, designed to start a fight (Hardaker 2010; Herring et al. 2002; Williams and Pearson, 2014:11); others use it to refer to those who post offensive or provocative material for their own entertainment or gratification (Bishop, 2013). All the activities listed here involve the targeting of individuals for abuse online. Revenge porn, sextploitation and doxing involve specifically exposing aspects of someone’s private life online and thereby ruining their reputation. Most of these acts take place within a context of wider abuse, including offline, but some trolls, in particular those who belong to the sociologically distinct group of individuals who self-identify as trolls, carry out the vast majority of their abuse online. The legal status of all the trolling-related acts just listed differs from jurisdiction to jurisdiction and from act to act. The issue of harassment or stalking is reviving on the Internet - a concept referred to as “Cyber Stalking”. Recent work on the ethical wrongs of stalking, including online, describes how it involves a ‘psychological take-over’ and thus a deep invasion of the privacy of victims (Guelke and Sorell, 2016). In a recent article (Yar, 2012) cyber stalking is defined as: “The repeated use of the Internet, email or related digital electronic communication devices to annoy, alarm or threaten a specific individual, and as such constitutes an extension of ‘terrestrial’ stalking behaviour into the online world.” For law enforcement agencies, this can be difficult, as there are different levels of such behaviour - from criminal stalking or even identity theft, to simply unwelcome communications on Facebook. (Yar, 2012). Therefore, a challenge for police, public prosecution services, and legislators is distinguishing between which of these activities should qualify as anti-social behaviour online, minor crime, and serious crime, and how many resources should therefore be devoted to preventing, detecting, and prosecuting each. In the article “Should Cyberbullying be criminalised?” (Campbell e.o., 2013), it is argued that an additional problem is that there is no clear definition of cyberbullying, as it
  23. 23. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 18 relates to a mixture of notions - cyberstalking, cyberharassment, cyberbullying, etc. Furthermore, the article states that the difficulty in criminalizing such behaviour by law, is that it might not act as a deterrent when applied to impulsive, young people. The perpetrators do not believe that they can be caught, as they believe that adults do not understand the technology, and because they are able to bully anonymously. Second, they are often unaware of the law. Thus, young people’s behaviour do not have the extensive surveillance needed to enforce the law or severe enough sanctions, to deter them from engaging in these behaviours. However, a law could be an important remedy, as cyberbullying incidents often slip through the cracks of the current legal frameworks, as the nature is not always evidently in line with the descriptions of unlawful acts in civil laws now. The authors of the article therefore conclude that laws should support a proactive approach with education, training and counselling for dissuading others who might consider cyberbullying. Educational measures might be most effective in dealing with cyberbullying, but they may sometimes fail in preventing incidents as they lack the stronger deterrent effect of cyberbullying laws that prohibit and punish such behaviour. (Campbell e.o, 2013) In some cases of shaming online, the harm done to victims can be devastating, yet the criminal justice system has no authority to intervene unless a criminal or proto-criminal act has occurred. In some jurisdictions however determining whether such an act has occurred requires interpreting the extent to which the communication is offensive, and this can be difficult. Other actors such as social media providers or third-sector groups may be better placed to help. There is evidence that there is a blurring between cybercrime such as fraud and trolling as cybercrime becomes more targeted, aggressive and confrontational. Various novel forms of extortion require few technical skills. As a result, the profile of cybercriminals is changing, with increasing numbers of individuals acting alone supplementing organised criminal groups. The more personal, targeted, and aggressive cybercrime becomes, the worse the psychological impact on victims (Europol, 2015:10). 3.2 Grooming Grooming refers to acts and communication designed to prepare someone for criminal exploitation or attack. Efforts have been made to outlaw grooming for sexual offences and for terrorism in particular. Grooming offences can be component offences, or may involve steps that, while apparently harmless in isolation, characteristically lead to the intentional commission of the serious crime. The rationale for making grooming illegal involves reference to the seriousness of the crime for which people are groomed: the more serious a crime –understood in relation to a scale of harm and culpability—the more urgent it is to prevent it. Concerns raised in relation to the criminalisation of grooming relate to more general worries about the extent to which justice should be preventive rather than retrospective; how to determine whether a preparatory act is close enough (i.e.
  24. 24. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 19 predictive of) to the infliction of harm to be properly criminalized; where the line between a preparatory offence and a ‘thought crime’ lies; and the extent to which preparatory offences fail to allow for last minute changes of heart. There have been worries that some social media sites provide child sex offenders with an easy way of targeting children for such abuse. (Yar, 2012). Communication established on social media could serve as a preparation for subsequent acts of contact abuse offline: first, offenders are winning children’s trust online, and then, they can arrange meetings offline, at which physical abuse can take place. In the Netherlands, for instance, grooming has been made illegal since January 2010. Statutory provision 284e states that ‘anyone using a computerized device or communication service with a person whom he or she knows or could reasonably suspect has not yet reached the age of sixteen yet, proposing a meeting with the aim of indecent acts with that person or manufacturing an image of a sexual act with that person, undertaking any act aimed at achieving such a meeting’ can be ‘punished with imprisonment not exceeding two years, or a fine of the fourth category’.20 In relation to grooming for sexual offences, challenges for police arise in relation to the variation between the age of consent in different countries and the international nature of online sexual grooming. In addition, there is a risk that normalised sexual online chat amongst teenagers might be inadvertently criminalised. It may sometimes be difficult for police to distinguish, especially at an early stage in the investigation, reliably between groomers with an intent to abuse and those whose actions would be unlikely to go further than communication online. When people are identified as a priority, catching them with means that fall short of entrapment involved treading a fine line. Finally, the vast numbers of individuals sharing CSE or CSA (child sexual exploitation and child sexual abuse) material online and engaging in sexualised online chat raises a challenge to police about how to distinguish the most vulnerable and prioritise their protection. For legislators and policy-makers, the scale of the problem means that the possibility of alternative sanctions, such as restorative justice, should also be explored. A phenomenon similar to grooming involves individuals on social media encouraging others to self-harm, for example, by becoming anorexic or even by committing suicide. The extent to which online speech encouraging others to harm themselves should be criminalized involves careful consideration of issues such as the causal role played by the encouragement and the intent of the groomers. The vulnerability of those groomed is also relevant. 3.3 Organising risky events/protests/riots In essence, there is no real difference between a risky event being organised via social media or via other means. The difficulty remains in how to address such an event, which security measures to take, and whether or not to prohibit an event. However, due to the use of social media, the scope of people getting to know about a certain event or being actually invited to attend may become substantially bigger. As a result, the risks 20 See also Article 248e Dutch Criminal Law.
  25. 25. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 20 associated with the events may be bigger as well. Nevertheless, the traditional tension between public security maintenance and the right to freedom of opinion and expression and freedom of association remains present. Social media platforms are often used to organize events, some of which (like parties or raves) are innocuous in principle but may pose a potential public order risk and some of which (like riots) are illegal. Any event has the potential to turn violent, get out of control and it is not always possible nor desirable to categorise events in advance as ‘risky’ or ‘non-risky’. Some events that are not inherently risky, such as religious gatherings, may nevertheless become predictably so if, for example, there is widespread prejudice against religious groups in a society. In such cases, the protection of individuals at such events is very important. ‘One challenge for public security providers is determining what level of monitoring, interference, and police presence is proportionate in relation to such events. Technology developers may be able to help in this respect if data analytics can predict the extent to which an event is likely to affect public order or turn ugly. Poor judgements in this respect can have serious ethical consequences if events become violent and people get hurt or property damaged. The cooperation with police of people at events can be vital to their successful management so good communication strategies on social media is vital. In case of the organization of big events, cooperation with authorities is usually required as part of the permission granted by authorities to hold the event. Political protests are also organized, discussed, and reported from on social media. Police have an additional obligation to facilitate peaceful political protest, given the need to protect freedom of association, belief, and expression. But they also have a duty to deal with any anticipated public order risk. There may be in practice a tension between the duty to secure public order and the duty to protect freedom of expression and association and this poses a challenge to local authorities, who must ensure that public order responses do not interfere with these democratic rights any more than is necessary. In the USA, it emerged from responses to freedom of information requests that a company called Geofeedia had contract to provide police forces with data from Twitter, Instagram and Facebook (with whom they also had contracts) that was used to monitor protest groups, including the Black Lives Matter campaign. The American Civil Liberties Union has objected to these contracts, citing the self-professed commitment of companies like Twitter to providing spaces where genuine freedom of expression can be exercised.21 3.4 DIY policing via social media security platforms DIY policing refers to citizens ‘performing activities that fall within the range of police work and the work of other organizations dealing with public security” (D1.1) As modern Sherlock Holmes they assist the police, investigate crimes, identify suspects, 21Cagle, M. Facebook, Instagram, and Twitter Provided Data Access for a Surveillance Product Marketed to Target Activists of Color’, ACLU Blog, October 11, 2016. Retrieved 20-10-2016 via: https://www.aclunc.org/blog/facebook-instagram-and-twitter-provided-data-access- surveillance-product-marketed-target
  26. 26. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 21 form vigilante groups, hunt paedophiles and report on crimes. DIY policing is often stimulated by emotive local issues and often brings to the fore concerns over how and when citizens should engage with, and be responsible for, public security. For example, motivated by emotional media reports about cyber grooming, online groups have formed where members pose as child victims in cyber grooming and meet suspects.22 While these groups publicly offer their free services to law enforcement agencies, they also act independently (Huey et al., 2012). As described extensively in a recent report on the ethics and legal aspects of community policing IT platforms, community-managed platforms for public security typically reflect the social makeup, preoccupations, and biases of the community in question (Inspec2t Project, forthcoming). Sometimes neighbourhood watch-type groups have themselves become a source of public security challenges. For example, in Austria, the ‘City Watch’ initiative was driven by populist right wing parties and directed against a group of immigrants (Inspec2t Project Report 2.2 forthcoming). There is a risk that online platforms end up incorporating and reflecting the biases of the communities using them. For example, the iPhone application SketchFactor enables users to share information about the ‘sketchiness’ (i.e. dangerousness and poverty) of neighbourhoods and suspicious types. While the aim of this application was to crowdsource information to help people navigate a potentially unfamiliar city safely, it has been criticized for providing a platform for (affluent, white) people to voice their prejudices and biases about (poorer, minority) people and the security threat they pose (Inspec2t Project Report 2.2 forthcoming).23 Such platforms provide both an opportunity and a challenge for local authorities and police. On the one hand, they may sometimes be a source of useful intelligence. On the other hand, they may be a source of misinformation and/or biased or prejudicial information. Police and local authorities will need to manage carefully their interaction and engagement with such platforms. It may be important for police and local authorities to maintain good relations with such platforms and the communities they are connected to, but it is equally important for them to avoid being seen to share the particular biases or preoccupations of those groups. What is more, they should ensure that they do not allow community policing agendas to be determined by these groups and thus to be more responsive to the concerns of those communities than of other, potentially disengaged, disadvantaged, or less technologically organized communities, whom the police are nevertheless equally obliged to serve. These issues also pose a challenge for technology developers, who should explore technological means to addressing them, e.g. by filtering out prejudice, monitoring reporting for evidence of systematic biases, and/or by flagging it in real time where it appears to have occurred. 22 See, for example, the UK-based Internet Interceptors: https://internetinterceptors.wordpress.com 23 For a well-informed journalistic treatment of the issues raised by Sketch Factor, see Marantz, ‘When an app is called racist’, The New Yorker, July 29, 2015. Retrieved 20-10-2016 via http://www.newyorker.com/business/currency/what-to-do-when-your-app-is-racist
  27. 27. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 22 A related problem for law enforcement agencies is that there is always a chance that people are wrong in accusing a suspect in the investigation. While placing video’s and photo’s on the internet and (social) media will help the police in investigating suspects, a notion of caution should be made - there is a chance that the privacy of suspects is violated, or that the manufacturing of their images does not meet a number of conditions. For instance, citizens and companies can only make images if the presence of cameras is announced, or when there is a specific and compelling reason to use hidden cameras. Also, the use of cameras in homes or non-public places must be pre- announced, as there is a more important privacy aspect. Furthermore, citizens and companies cannot publish imagery of a criminal offence in regular (offline) media, as this could be an infringement of the privacy of the suspect. Thus this subject should be handled very carefully. (Penterman, 2012) The distinctions became clear in the case law of the European Court on Human Rights (ECtHR). In La Flor Cabrera v. Spain,24 it was decided that filming a person in a public space does not necessarily constitute an infringement of Article 8 ECHR. However, in Rotaru v. Romania, it was decided that “public information can fall within the scope of private life where it is systematically collected and stored in files held by the authorities.”25 A more systematic way of monitoring individuals is, thus, more infringing and requires additional legal safeguards. With respect to non-public spaces, activities that may be undertaken in the course of a professional or business activity cannot simply be excluded from the private life sphere.26 For this reason, the use of video camera’s within companies need to be pre- announced and approved by the employees or the works council on behalf of the employees. In line with the above, the sharing of information, such as video footage, via social media platforms, has to be carefully considered. In particular, if individual citizens can share information via these platforms, the legal safeguards may be lacking. Moreover, informationalizing emergency response could create digital divides. New forms of surveillance, without professional accountability, can undermine European values such as professional integrity to privacy and other civil liberties (BRIDGEproject.eu). The convergence of technologies is relevant, in this respect, since it becomes ever easier to combine text messages with photos or videos and to have real-time interaction. Without professional accountability as a safeguard, the risk may be that citizens unintentionally infringe upon certain rights of (alleged) suspects. Convergence of technologies increases the need to manage responsibilities carefully (Ellis, 2014). 3.5 Vigilantism, digilantism and hacktivism Vigilantism refers to citizens adopting criminal justice functions of catching and/or punishing criminals. Digilantism refers to the use of digital means to pursue vigilante aims. A specific kind or relation of digilantism is ‘hacktivism’, which refers to the use of 24 La Flor Cabrera v. Spain, (Application no. 10764/09), Judgment, May 27th 2014. 25 Rotaru v. Romania, (Application no. 28341/95), Judgment, May 4th 2000, at 43. 26 See the Niemietz v. Germany judgment of 16 December 1992, Series A no. 251-B, pp. 33-34, § 29, and the Halford v. the United Kingdom judgment of 25 June 1997, Reports 1997-III, pp. 1015- 16, §§ 42-46.
  28. 28. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 23 hacking techniques to harm and punish perceived wrongdoers online, especially companies and organisations perceived to be on the wrong side a political debate. All three of these subcategories of DIY policing involve to varying degrees individuals taking the law into their own hands, bypassing existing public security organizations and themselves detecting and/or punishing crimes of perceived wrongdoing by others (Trottier, 2014). From a legal viewpoint, digilantism is problematic. It is the online equivalent of individuals taking the law in their own hands. However, the police have a monopoly on using violence and are, thus, the only ones allowed to interfere in such a manner. Some discussion may arise, nevertheless, since there is no use of physical violence in these cases. This may result in standpoints where the interference by digilantes or hacktivists seems legitimised. The lack of transparency, guidelines and authority is a major point of attention. Whether in some way cooperation can be found is the question. Recent years have seen a greater realisation that the scale of child sexual abuse and exploitation is such that law enforcement authorities are only able to pursue a very small fraction of crimes detected. This situation, combined with an understandable public revulsion at these grave crimes, has spawned a number of self-styled paedophile catchers: groups that engage in honey trap and entrapment-type activities to identify and ‘catch’ paedophiles who they then turn over to the police. There is some anecdotal evidence than victims of child sexual abuse support the work of these groups and in some cases actively cooperate with them, driven by frustration at the lack of law- enforcement capacity.27 In the UK the standard police response is to discourage such activities on the grounds that those carrying them out are neither sufficiently versed in the law nor able to assess the risks to victims, to be able to collect evidence admissible in courts, and that vigilante actions may interfere with and disrupt or even damage ongoing police investigation.28 It is worth asking whether such a blanket approach is ethically defensible given the suggestion that passing information to police is only effective if police have the capacity to act on it. Might a more structured engagement with such groups improve their tactics, reduce the risks, and thus benefit both victims and policing aims? 27 See, for instance, this example from the UK: https://www.theguardian.com/society/2015/nov/08/abuse-survivors-vigilantism-paedophile- hunters-police 28 In the words of a representative from Scotland Yard: “This type of action could jeopardise or interfere with on-going investigations, and our advice to anyone who has information about suspected child sexual abuse - online or otherwise - is to contact police so we can investigate and, where possible, bring people to justice. Revealing the identity of a potential suspect could give them the opportunity to destroy evidence before police become involved It could also lead to individuals taking action in an attempt to evade police. This can divert significant policing resources which would be better invested in investigating and, where there is evidence, prosecuting individuals. Most importantly, those undertaking this type of activity cannot fully assess any risk associated to victims and their families” http://www.standard.co.uk/news/crime/police-slam-vigilante-paedohunters-who-snared- online-predator-a3219546.html
  29. 29. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 24 Digilantism can overlap with trolling when, in the name of punishing or catching out wrongdoers, digilantes engage in unethical or illegal acts themselves, such as shaming, harassing or doxing perceived wrongdoers online. A notorious example of this is the hacker collective Anonymous (http://anonofficial.com/), which has targeted a number of websites for Denial of Service attacks or other kinds of naming-and-shaming hacks, including sites that enable people to share CSE content and ISIS sites. Digilantism and hacktivism and some kinds of vigilantism are examples of “social policing measures” (Jardine, 2015) that may involve actions that are themselves illegal. They are problematic in the context of a democracy because they challenge the rule of law (i.e. the principle that the law should be applied objectively and impartially by an accountable, transparent and legitimate state) because decisions about who to punish and how are made in a context that is neither transparent nor accountable nor in any sense democratically mandated (Rizza, 2012). Digilantes and hacktivists often claim to represent the disenfranchised, disadvantaged, and vulnerable amongst us, but they do not aim to actually gather support let alone authorisation from those groups to support those claims. In this respect, their legitimacy and authority is highly questionable even when their targets are quite obviously engaged in unethical behaviour- and in any case it falls far short of police and other state agents, whose authority and legitimacy is democratically mandated. 3.6 Activity on the Dark Web The Dark Web refers to a layer of the Internet in which content has been intentionally concealed and users can surf anonymously. In order to reach the DW and to access its content, one needs to install a certain program whose function is similar to that of a web browser or search engine. The most commonly known program is The Onion Browser (TOR) (D1.1). The feature that distinguishes the Dark Web from the open web is therefore encryption. While there is nothing ethically or legally dubious about encryption in principle, the reality is that much of the activity on the Dark Web by people in liberal democracies is unethical and/or illegal. The Dark Web hosts a vast range of sites and forums for unethical and illegal behaviour, from illicit markets for drugs, counterfeit goods, and contract killings to money laundering, extremist sites and forums for the sharing of child sexual abuse material. All of these activities are legitimate targets of policing, and all are made easier to perform and more difficult to prevent and prosecute by encryption. As noted in D1.1 however, it is not only criminals who use the dark net. Political dissidents and activists, journalists, law enforcement and the military also take advantage of the security and anonymity offered by encryption. Some citizens use it as we do the open web. The reason they prefer it is that they see it as a means of being free from the kind of corporate and government surveillance they find objectionable on the open web. Some of these users consider the term dark net itself a media fabrication to draw attention away from the legitimate, innocuous, and even life-saving use of the dark web and towards the criminal. Some, like Edward Snowden and Julian Assange, see government-sponsored
  30. 30. MEDI@4SEC The Emerging Role of New Social Media in Enhancing Public Security Grant Agreement no 700281 25 attempts to crack anonymity on the dark web as an attack on freedoms, especially privacy.29 Sometimes claims about the need for freedom from surveillance fail to distinguish between surveillance undertaken by democratic, liberal, accountable governments seeking to combat crime and surveillance undertaken by authoritarian regimes for the purpose of stamping out political dissent. Ethically ambiguous uses of the dark web include leaks of classified government material and other kinds of whistleblowing. Leaks of classified material may in some cases be the only way that state wrongdoing can be revealed and resisted. But sometimes the material leaked reveals more than is necessary to that goal and may even put lives at risk (as the US court recently determined in the case of Chelsea Manning’s leak of US military information to the Wikileaks site).30 29 http://www.rollingstone.com/politics/news/the-battle-for-the-dark-net-20151022. Retrieved 11-10-2016. 30 For a brief but objective overview of the case, see the BBC profile of Chelsea Manning at http://www.bbc.co.uk/news/world-us-canada-11874276. Retrieved 11-10-2016.

×