SMART Surveillance Conference

I just returned from a conference on SMART Surveillance, which stands for Scalable Measure for Automated Recognition Technologies.  It is an effort sponsored by the European Commission that involves several university and researchers to draft an EU Directive.  You can read the particulars here, but essentially its an effort to outline a legal and operational toolkit for police and security personnel for the use of technologies that collect and process data in an automated manner.

The project is headed by the University of Malta’s Department of Information Policy and Governance, one of my Fulbright-Schumann hosts, which works with many partner groups.

The discussions were enlightening for a number of reasons, but as someone who has always been fascinated by the process by which decisions are made, it was especially interesting to watch.   The majority of my work in monetary relations has been at the executive level.  These are, for the most part, political decisions since many of these persons are not experts, but they do set the agenda for things to go forward – meaning they tell the experts to make it happen.  There are, of course exceptions, sometimes the executives come from one of these expert areas.  This was the case with Helmut Schmidt and Valery Giscard d’Estaing who served in their respective government finance and banking offices, became Chancellor and President, and then pushed through the European Monetary System, which was the precursor to the Euro.

For two days, I sat with these experts and watched them offer different perspectives to influence the wording of one draft Directive. Think of an EU Directive as a standard set of rules for Europe – it is then up to the national governments to pass laws that reflect these principles in their home countries.  So, sometimes (OK, all the time) you get variations.  In some states they’ll do the minimum; in others they’ll go above that, or they will already have stronger laws on the books and make sure the Directive doesn’t water them down.  By contrast, a Regulation sets down ONE law for everyone. Regulations are not easy to make.

You can begin to see the complexities of the past two days I’m getting at here, and this project began in 2011.

Ladies and gentlemen, the project’s aims are immense, and this process is daunting because of the groups immediately  involved. Lawyers, Human Rights activists, academics from sociology, informatics, engineering (and more), members representing the private sector, the European Commission, the European Parliament, national intelligence services, police ,  data protection authorities,  and INTERPOL – and more.

After they revise the draft, it will go on to be scrutinized by several European institutions, and change there as well.  Many of us Americans understand the difficulties of getting the US Congress to agree on just about anything these days, but the process of policy-making in the European Union is more complicated.  There are the groups I mentioned above, who all have interests at stake, but there are also 503 million inhabitants, with and 28 sovereign governments which will also have a say in the matter and be impacted by the introduction of this draft.

The general lesson here that I wish to impress is that the EU is very diverse.  Many Americans (and some of my fellow academics) have a tendency to think of Europe as a homogeneous entity.  It is not.  The European Union as an organization is complex, and the national identities, interests, and historical experiences are still very much alive to affect the process.

And then there are the laws.  As I said, we were discussing an EU measure that will impact all the member states, should it be adopted.  Time and time again we were reminded of the legal differences among them that had to be taken into consideration.  Then there were the conflicting interests (and terminologies) among the groups present.  Police and intelligence officials felt that they didn’t have enough tools to do their jobs, and this would make it harder for them to protect citizens, or that it didn’t apply to them because these technologies were being used by criminal enterprises more than the police.  (Criminals don’t have to pay attention to laws and warrants, we do.)  Believe me there were very good cases made for that.  Privacy advocates countered with the frequency of data abuses and the rights of citizens to be protected from not just the state but from private corporations.

And yes, there was Snowden.  As the only American in the room, I was asked, “Isn’t it good that there has been more debate in the US?”  Yes and no, I responded. People are talking about surveillance, but they are too focused on the government and I don’t believe there will be reform.  Oversight will still be handled internally and officials will still be in control unfortunately.  Americans seem totally ignorant of the threat from private companies.  This was the big difference I saw between US and European views.  Many, not all, Europeans are more suspicious of Google than their governments.  My guess is that it’s probably because they have protections and rights guaranteed in law to check government abuses.

For many EU politicians Snowden was a ‘wake-up’ call that Europe needed to forge ahead on its own to maintain and protect its beliefs in privacy and Human Rights – away from US based technologies.  That political will seems to be present in some circles now but it remains to be seen if we will see it implemented or if Europeans will simply wait for the next ‘revelations’ to act.

Layers, many layers, all trying to answer the question – How do we balance security and privacy?

One of my interviewees last  week observed that governments “think about the problem horizontally” meaning that there was little consideration for how  businesses operated – the groups that officials depend on to make that policy happen.  The SMART teams have tried to look at the problem both vertically and horizontally.  However, I fear some of the groups involved in the conference did not follow this example.  It’s something I have to be cognascent of as I approach the transatlantic divide too.

Next: Bruges is coming, I promise.