Summary: Working Group on the Information Society
Communication Privacy
| Time: |
|
17 July 2002, 16:00-17:30 |
| Location: |
|
ITU H |
|
Moderator(s): | | • Mr. Stephane Koch, Internet Society (ISOC)
|
|
Presenters/ Participants: | | • Mr. George Danezis, University of Cambridge
• Mr. Alberto Escudero Pascual, Royal Institute of Technology (KTH)
• Mr. Andy Mueller Maguhn, Chaos Computer Club
• Mr. Robert Guerra, Privaterra
• Mr. Jeroen Van Hove, Mandat International (MI)
|
| Reporter: |
|
Ms. Yoshiko Kurisaki, Pacific Telecommunications Council |
| Resource Person: |
|
Mr. Jeroen Van Hove, (Mandat International) |
| Language: |
|
English |
| Key words: |
|
Privacy, surveillance, security, computer, network, data protection |
|
|
|
A risk of surveillance of one’s privacy, using digital technologies, is a threat to the freedom of speech in the Information Society. The risk is not potential but the reality. We, individuals and civil society (CS), must be well aware of the risk and protect ourselves. Several kinds of software are already available as useful tools. One however needs to be accustomed to use these. CS has important roles to play for the privacy protection in the information society.
Mr. Georges Danezis of Cambridge University, the UK, presented legislation enacted in the UK on the traffic data retention, which is an obligation to telecommunications operators and Internet service providers (ISPs). Traffic data contained in a packet header is not content of the message itself but rich enough to reveal one’s privacy, such as sender’s location, time and destination of messages. A major threat to civil
society (CS) is that authorities may use the data for political surveillance. CS should be aware of the risk, lobby with the decision-makers to limit the surveillance and monitor abuse of surveillance
powers.
Mr. Robert Guerra of Privaterra.org and Computer Professionals for Social Responsibility, shared his experience of e-mail surveillance targeted to NGOs involved in human rights in Central America. Some NGOs could not receive files attached to e-mails for an unknown reason but they did not know how to
resolve this issue. He urged all the CS to adopt means to prohibit intervention of unknown bodies in their e-mails, such as using a server located in another country or installing a
firewall.
Mr. Alberto Escudero Pascual of the Royal Institute of Technology, Sweden
demonstrated the evidence that security agencies, all the agencies including police, airport security, etc., survey citizens without being known in democratic countries. Nodo50, a non-profit ISP
(www.nodo50.org), monitors the police surveillance activities and post the facts in its web site. We must monitor the surveillance by authorities to safeguard ourselves from their abusive use of data, “watch the
watchman”.
Mr. Andy Mueller Maguhn, Chaos Computer Club and ICANN presented privacy protection issues involved in the Internet. The current protocol of the Internet, TCP/IP version 4 (IPV4), is weak in the data protection, as data packets are easily readable. Level of protection of domain name servers is insufficient, hence hacking and surveillance are possible. Neither political safeguard against the fraud use of technology, such as a concept of the lawful interception proposed by ETSI (the European Telecommunications Standards Institute), nor technical protection, such as digital signature, protects the security and privacy of users. Available security products are limited in their abilities due to some legal constraints. Awareness and understanding of the issues are critically
important.
Mr. Stephane Koch, President, Internet Society Geneva, proposed that CS should monitor the surveillance authorities and that this CS role should be included in the Working Group recommendation to the World Summit on Information Society
(WSIS).
In the dialogue session after the Q&A session, participants expressed the following views; became aware of the risk of surveillance that leads to assassination to politicians, ISOC should act to raise awareness of the danger involved in the currently proposed cyber crime treaty, and awareness raising is the key to create actions for privacy protection.
Interesting questions
- A member of ISOC asked about the level of improvement in security protection of IPv6. Mr. Guerra, Mr. Pascual, and Mr. Maguhn responded that the level of security depends on the manners of implementation of IPv6. It is impossible to conclude globally that security protection of IPv6 is better than IPv4. The high level of mobility enabled by IPV6 would even facilitate surveillance.
- A PTC member asked what roles CS should play to protect citizens’ privacy in those countries that use telecommunications regulation (e.g. where PTT monopolises ISP business) as a means to facilitate state surveillance.Messrs. Guerra and Pascual responded that one way of protection is to send e-mails with a number of copyreaders, and that monitoring by CS of the surveillance authorities is the most efficient protection.
- Swiss participant asked that while Swiss authorities undertake surveillance of citizens, they indicate to the public that “the data is well taken care of, do not worry”. The panel commented that the surveyed data should be presented to the people to convince them of the risk of privacy invasion.
Conclusions
CS has large roles to play in the privacy protection where electronic information systems are widely used by citizens. Awareness raising of the citizens of risks of the surveillance by intercepting electronic information and monitoring of surveillance authorities are major examples of those roles. These CS roles should be included in recommendations by the Working Group to the World Summit on Information Society
(WSIS)
 Click
here for all available presenters' documents
Click
here for all available summaries
 Please
read about the summaries
|
Visits & Presentations: Visit to the World Health Organization