Fulbright Schuman

13 January 2014

Part of my motivation for this blog is to share my experiences as a Fulbright-Schuman Scholar, which is a tremendous honor.  I will be at the University Gent, Belgium with the Department of Political Science from February until March 2014, and then at the University of Malta with the Department of Information Policy and Governance from April to May 2014.

Here’s the summary of the research I’ll be doing: [with commentary] Transatlantic counter-terrorist efforts have suffered from policy incongruities for decades [The US and EU have different approaches to countering terrorism; the US has generally favored a military approach since it mostly experienced terrorism in the context of Cold War animosities which made it a foreign policy issue. Europeans typically dealt with terrorism “at home” which nationalist/separatist groups, which meant that they approached the problem through police work and their domestic legal systems.], but the current security climate demands a cooperative approach. [Networks of political violence are increasingly global since the end of the Cold War and states must cooperate if they are going to combat these types of issues – hello technology and globalization!]

This research develops a theoretical and empirical case for the use of financial data to map terrorist networks. [Governments should recognize that “following the money” or financial data, can give them another piece of intelligence in mapping terrorist networks across states.] Information Statecraft, a concept I recently introduced in Business Horizons, which suggests that a government’s ability to control and acquire data (financial or otherwise) may lend them the ability to understand and influence the policies and behaviors of other states and non-state actors. [That the contemporary international economy is fueled on finance rather than trade, which has put financial data in a unique position – the globalized and digitized world has transformed the use and character of money into data. However, governments do not hold all the data themselves, they need the help of financial institutions who do have it, and this often poses problems for banks which want to keep their data from prying (regulatory and competitor) eyes, but they also must comply with national laws.   Something I explain in my Adequacy versus Equivalency article.  Finally, there are the rights of individuals – how do demands on their data challenge personal concerns about privacy?]

Privacy & Security

The EU and US hold different views about privacy and naturally have different laws to determine who “owns” data.

The EU believes that the protection of personal data as a human right and ownership of personally identifiable information (e.g. name, face, date, place of birth, credit card numbers, and genetics) is vested to the person no matter what entity – government, another person, bank, etc. – may possesses that data, it remains the right of the individual to determine its usage. EU legislation has proactively responded to technologies that made it easier to spread information and harder for individuals to maintain control over it.  The most significant of these, Directive 95/46/EC includes the right of consent, notification of disclosure, right of access, and the right to object to the processing of data.  These laws extend to the EU’s counter-terrorism strategies, which were also shaped by its domestic experiences with political violence over the past decades.  Therefore, counter-terrorism operations within the EU are typically conducted by criminal investigation where data collection is subject to due process.

In the US, data ownership is the property of the holder, whoever that might be, and the government only regulates certain issues or groups.  To date, there is no universal privacy or data protection legislation to govern US citizen data – So, for example, the Constitution covers governmental uses of data, not private corporations like the European model.

Thus, US financial institutions (and everyone else) control their terms of service to their clientele and provide limited opportunities to “opt-out” of selected uses of personal data.  Regulation is reserved for accuracy and transparency purposes, but there is no official oversight.  Attitudes about counter-terrorism and data collection were influenced by Cold War experiences with Communism and foreign terrorist organizations, where responses generally involved sanctions or military force.  At home, the US conducted surveillance of its citizens for evidence of Communist sympathies, a practice extended to contemporary concerns about terrorism with the 2001 US PATRIOT Act, which increased the government’s data access.

These differences sometimes mean that when the US government wants to obtain a European citizen’s data (legally, that is.  It can tap into intercontinental lines outside sovereign borders, but that data still has a “landed” owner like a person or corporation), say for counter-terrorism investigations, it might run into problems because individuals have protections under EU law (specifically under Directive 95/46/EC).

But, the European Commission and European Parliament are currently debating revising 95/46/EC and transforming it into a Regulation which would create one European law.  As a Directive, each EU state is expected to enact national laws in keeping with the minimum standards of the Directive, where a Regulation creates one law to be implemented among all of them (National governments can have stricter privacy provisions if they desire).

The Current Common Question: What about the Snowden Affair?

It is no secret that the NSA has been collecting data on US citizens since its inception (For starters, see Church Committee investigations and a nice little piece about that here), but what has been particularly interesting to my ears is learning how the Agency collects and stores data, either with or without the knowledge and cooperation of private corporations.  Has this affected the transatlantic partnership?  The European Parliament and Commission have shown concern, and the case certainly has elevated the topic to the public’s attention, but its real impact is yet to be determined.  Snowden is a small part of a larger issue though.

However, my interests in privacy and data protection predate the Snowden Affair.  I want to get all perspectives about the topic – private companies and officials from both sides of the Atlantic to see how they see data in terms of their interests and their opinions about policies that rule it – or don’t.  I hope to contribute some understanding to a topic that encompasses many different groups who often do not speak the same language of interests.

All Work and No Play?!

Certainly not!  I am looking forward to experiencing some amazing things in Belgium and Malta as a Fulbrighter and I will be talking a lot about that on this blog in the months to follow.  It is an absolute privilege to be an ambassador for a program with such a rich history of promoting excellence, good will, and global understanding.  Thank you Senator William J. Fulbright and President Harry Truman!

Leave a Reply