Privacy in public spaces: what expectations of privacy do we have in social media intelligence?

In this paper we give an introduction to the transition in contemporary surveillance from top down traditional police surveillance to profiling and “pre-crime” methods. We then review in more detail the rise of open source (OSINT) and social media (SOCMINT) intelligence and its use by law enforcement and security authorities. Following this we consider what if any privacy protection is currently given in UK law to SOCMINT. Given the largely negative response to the above question, we analyse what reasonable expectations of privacy there may be for users of public social media, with reference to existing case law on art 8 of the ECHR. Two factors are in particular argued to be supportive of a reasonable expectation of privacy in open public social media communications: first, the failure of many social network users to perceive the environment where they communicate as “public”; and secondly, the impact of search engines (and other automated analytics) on traditional conceptions of structured dossiers as most problematic for state surveillance. Lastly, we conclude that existing law does not provide adequate protection for open SOCMINT and that this will be increasingly significant as more and more personal data is disclosed and collected in public without well-defined expectations of privacy

Policing faces:The present and future of intelligent facial surveillance

In this paper, we discuss the present and future uses of intelligent facial surveillance (IFS) in law enforcement. We present an empirical and legally focused case study of live automated facial recognition technologies (LFR) in British policing. In Part I, we analyse insights from 26 frontline police officers exploring their concerns and current scepticism about LFR. We analyse recent UK case law on LFR use by police which raises concerns around human rights, data protection and anti-discrimination laws. In Part II, we consider frontline officers’ optimism around future uses of LFR and explore emerging forms of IFS, namely emotional AI (EAI) technologies. A key novelty of the paper is our analysis on how the proposed EU AI Regulation (AIR) will shape future uses of IFS in policing. AIR makes LFR a prohibited form of AI and EAI use by law enforcement will be regulated as high-risk AI that has to comply with new rules and design requirements. Part III presents a series of 10 practical lessons, drawn from our reflections on the legal and empirical perspectives. These aim to inform any future law enforcement use of IFS in the UK and beyond

Demonstrably doing accountability in the Internet of Things

This paper explores the importance of accountability to data protection, and how it can be built into the Internet of Things (IoT). The need to build accountability into the IoT is motivated by the opaque nature of distributed data flows, inadequate consent mechanisms, and lack of interfaces enabling end-user control over the behaviours of internet-enabled devices. The lack of accountability precludes meaningful engagement by end-users with their personal data and poses a key challenge to creating user trust in the IoT and the reciprocal development of the digital economy. The EU General Data Protection Regulation 2016 (GDPR) seeks to remedy this particular problem by mandating that a rapidly developing technological ecosystem be made accountable. In doing so it foregrounds new responsibilities for data controllers, including data protection by design and default, and new data subject rights such as the right to data portability. While GDPR is technologically neutral, it is nevertheless anticipated that realising the vision will turn upon effective technological development. Accordingly, this paper examines the notion of accountability, how it has been translated into systems design recommendations for the IoT, and how the IoT Databox puts key data protection principles into practice.Comment: 31 page

Policing the smart home:The internet of things as ‘invisible witnesses'

In this paper, we develop the concept of smart home devices as ‘invisible witnesses’ in everyday life. We explore contemporary examples that highlight how smart devices have been used by the police and unpack the socio-technical implications of using these devices in criminal investigations. We draw on several sociological, computing and forensics concepts to develop our argument. We consider the challenges of obtaining and interpreting trace evidence from smart devices; unpack the ways in which these devices are designed to be ‘invisible in use’; and reflect on the processes by which they become domesticated into everyday life. We also analyse the differentiated levels of control occupants have over smart home devices, and the surveillance impacts of making everyday life visible to third parties, particularly the police

Towards a right to repair for the Internet of Things:A review of legal and policy aspects

The way in which consumers engage with, utilise, or discard the technologies in their lives is constantly being reassessed and changed. This paper questions what role the emergent “right to repair” could play in resolving issues posed by the increasing ubiquity of the Internet of Things (IoT). The right gives consumers the ability and freedom to fix their devices, or to fair access to appropriate services that can carry out repair on their behalf. In this paper, firstly we establish the problem space surrounding consumer IoT – i.e., devices that are interconnected via the internet, enabling them to send and receive data. We reflect on hardware, software, and data components that pose legal and policy challenges for data protection, security, and sustainability. Through a literature review we then reflect on the current socio-legal developments that support or oppose changes in the consumer IoT market in regards to repair. We then highlight gaps in the existing literature that should inform future research trajectories in this area. This includes exploring disparity between environmental and consumer autonomy approaches, assessing consistency in regulatory developments, and market prioritisation. Finally, the paper concludes with a series of key insights and recommendations from our analysis including: recognition of the growing e-Waste problem and the inequalities it exacerbates and perpetuates; the need for identification and argumentation for different formulations of “repair” and how these may impact the implementation of a right going forward; the need for identification of the reasoning behind disparities in governmental approaches to the right to repair; and the design of a toolkit to practically translate better IoT design practices into reality