European Security Research and Innovation Forum (ESRIF) has released its final findings a 323 page report on aspects of European Research and Innovation to enhancing the security of European citizens.
From a human rights and privacy perspective the reports main statements and recommendations raises hope for a new sustainable agenda of immense impact on European and global security. These aspects are pointed out several places in the report. For instance with this message (on page 12):
“Protecting the EU’s population and infrastructure must resonate with good governance, common economic sense, and respect for fundamental rights and Europe’s cultural values. For ESRIF, gaining a competitive advantage and leadership position in the global security market for Europe must reflect European values.”
And further on page 21: ” Surveillance is increasingly a central element of security management and takes place through a number of means, from closed circuit television to various biometric tools. As these tools are developed, the impact on European values of the relation between surveillance and civil and human rights, the place of new technologies in society role, their role in security crises and their consequences for the individual remain poorly understood. Future research and innovation should carefully assess these societal questions and their links with Europe’s security”.
In the public debate security and privacy is often characterized as a zero-sum trade off in the sense that any gain by one side is offset by an equal loss on the other side. But this is not necessarily true for tradeoffs between privacy and security and the report challenges this presumable dicthomy. In this connection I would like to highlight this passage:
“A primary task of ESRIF is to develop criteria and guidelines for security technologies and measures in line with human rights in general and with the protection of privacy. Security technologies that are consistent with and enhance privacy should allow the security industry to develop widely acceptable security products. Integrating privacy in the design of new security technologies and systems will be a competitive advantage for the European security industry. It should be possible to implement them in such a way that in the future more security does not imply a loss of privacy.”
Further it is stated that ESRIF advocates implementation of a ‘privacy by design’ data protection approach that should be part of an information system’s architecture from the start. “To ensure real effectiveness, this privacy-by-design” protection should combine general privacy controls, a separation of data of different streams, privacy management systems, and effective ‘anonymisation’ of personal data. Research in these areas must be pursued to ensure that effective solutions are available as soon as possible” (page 31).
ESRIF also have as a key message “the promotion of a security by design approach in any newly developed complex system or product, ensuring that security is addressed at the point of conception, as it has been the case for safety by design”.
This could be considered as a new research and innovation challenge embedding from scratch both privacy and security instruments being of equal importance and necessity in the process from concept and design to system development and operation. Maybe it would call for a new term to clarify this research and innovation approach ? For instance: “privacy and security integration by design” ?
From the report I would also like to mention the key message that “education and scenario-based training contribute significantly to the overall acknowledgement and recognition that security is a common responsibility of all stakeholders, especially, policymakers, regulators and citizens.” In a recent post I have pinpointed the importance of education and learning in regard to privacy and data protection due to the same reasons.
I have also given special attention to the reports statements about biometrics in a post (in Danish) on the blog of Danish Biometrics appreciating in particular the message that ” The EU Commission itself has classified biometrics as a privacy enhancing technology and it is understood that the Commission would wish biometric technologies to be developed more towards the preservation of users’ privacy”.
I highly recommend reading the report which can be downloaded here.
Read the preliminary reaction of the EU Commission to the ESRIF final report here.