Privacy International at Rightscon 2019

pi @ rightscon tunis

Rightscon is a yearly conference on human rights on the digital age organised by Access Now that started in 2011, which will take place between the 12th and the 14th of June 2019 in Tunis. It brings together business leaders, policy makers, general counsels, government representatives, technologists, and human rights defenders to connect, strategize, and discuss the future of the field.

Privacy International and organisations that work with our International Network will participate in the event, participating in panels and roundtables on issues such as business and human rights in technology, digital identity, biometrics, data protection, internet of things, counter terrorism, international trade and data governance, cybersecurity, among other related topics.

You can follow us on Twitter: @privacyint, @panchovera, @ilia_siatitsa or on Mastodon: @privacyint@mastodon.xyz. Here is a selection of activities that we will be taking part in:

Wednesday 12 - 2:15-3:30pm: Are we seriously going to trade away our privacy like cars, rice, or bananas?

When data becomes a commodity, privacy is treated as a trade barrier. Policymakers are using this logic, and therefore privacy and data protection rules are undermined by binding, enforceable trade agreements. Trade deals containing data governance rules are crafted by technology companies who are the only stakeholders represented in the negotiations. The session will discuss these issues, and what can we do to shape the current discourse.

In Privacy International we have been working with partners on bringing a public interest and human rights perspective to international trade discussions, facilitating discussions with civil society, scholars and trade negotiators in the UNCTAD eCommerce week over the last two years.

Wednesday 12 - 2:15-3:30pm: Government Hacking: Corporate Resistance or Assistance?

Legislation in Australia, the UK and other countries enables authorities to compel communications service providers to assist with government hacking, also known as “equipment interference” and “remote computer access.” These assistance mandates often come with gag orders that bar the company from disclosing the actions it was compelled to take, stifling public debate about them. What kind of conduct might be considered “government hacking” and in what circumstances can it be justified? What is it reasonable for users to expect of companies when it comes to resisting government hacking? Are such accords sufficient, or does legislation need to be adopted to rein in government hacking?

Read about our legal challenge against UK's hacking powers. Privacy International recenlty won our appeal to the UK Supreme Court. The Supreme Court held that the UK Intelligence Powers Tribunal is subject to judicial review. This means Privacy International can continue its fight regarding the the UK Government's use of general warrants to hack inside and outside the UK.

Privacy International always supported a human rights approach to surveillance. This is why we developed 10 necessary safeguards for hacking. See also our briefing on the matter.

Wednesday 12 - 3:45-5:00 pm: Tracker versus Trackee: The chasm between individuals’ understanding of online tracking and the real data collection (and processing) power of trackers and what can be done to bridge the divide

Consumer Reports and Privacy International will report on their work investigating and challenging how people are tracked and profiled. Privacy International will present and detail their work on data brokers and adtech companies (November 2018) and apps tracking (published December 2018 and updated in March 2019), and Consumer Reports will present their work on online tracking and the consumer’s understanding of such tracking techniques. These projects focus on the lack of transparency and accountability in the use of tracking and how difficult it can be for individuals to understand and challenge such tracking. The goal of our session is to seek feedback on the issue of how to bridge the gap between consumer understanding and the realities of tracking technology.

Wednesday 12 - 5:15-6:30pm: Biometric Technologies and Data as Tools for the ‘Responsible’ and ‘Proper’ Identification of Terrorists: A human rights inventory

The distinct value and practical benefits of the use of biometric data is increasingly considered in counter-terrorism regulation, and reflected in the UN Security Council  requiring States in its resolution 2396 to “develop and implement systems to collect biometric data”. Despite the rapid advance of biometric technology and its widespread usage, human rights analysis and guidance on its use remains limited and underdeveloped. Also, while resolution 2396 calls on States to implement their obligations relating to biometric data collection in compliance with human rights law, it does not provide specific guidance on how to achieve this nor does it set any human rights

Thursday 13 - 9:00-10:15am: Law Enforcement and the Internet of Things

In the past few years reporting about law enforcement seeking smart home device recordings and fitness device data have captured the public’s attention. It became more apparent through these stories that while “Internet of Things” devices may introduce new conveniences, they also produce more granular records about our day to day activities. And these records be of interest to the government. This panel will explore some of the privacy concerns attendant to law enforcement access to IOT data, how this data can aid law enforcement investigations and the efforts by law enforcement to ensure such access, and some of the predicted issues the introduction of IOT data as evidence in court will raise.

Thursday 13 - 12:00-1:00pm: Surveilling Dissent: Online spy mechanisms used by police against protestors

In this session, we participate along INCLO members to detail stories of how law enforcement are using digital technologies to thwart domestic protest rights. From Russia to Argentina,  Kenya and UK, the panel aims to highlights stories from different parts of the world. We will also take the opportunity to present our 'Neighbourhood Watched' campaign. Together with Liberty, we launched a campaign in the UK for the public to have a greater say as to whether their local police forces should be allowed to use such highly intrusive technologies.

Thursday 13 - 2:15-3:30pm: Before the ship sails on AI governance, let's talk about trade

Artificial intelligence (AI) systems are already playing a major role in how we live our lives on and off the internet. Since data collection has fueled the internet economy, the demand to apply logical systems to make sense of and profit off of this information has surged. This has made AI systems a powerful tool in targeted advertising, content curation, automation, and scientific research. The use of AI however, has been fraught with problems, many times arising from the inherent bias and discrimination that are too easily embedded into the algorithms. There is a growing demand for fairness and accountability in these systems. However, much of these efforts would be constrained by emerging global rules on AI in trade agreements. This panel will discuss why and how trade agreements contain AI governance rules that will define and constrain policy making at a domestic level.

Privacy International has been working with partners on addressing the human rights impact of AI systems, publishing a paper about "Privacy and Freedom of Expression In the Age of Artificial Intelligence", and its impacts on international trade discussions, discussing the issue in venues such as the World Trade Organisation.

Thursday 13 - 3:45-5:00pm: Big Data Strikes Back: Building the data protection rebellion

We aim to help building an alliance with data protection activists worldwide that would like to advocate for their countries to sign and ratify (and implement) Convention 108 of the Council of Europe on data protection and implement national data protection laws. Convention 108 is open to signing and ratification from any country in the world (not only CoE countries) and it sets the highest standards for data protection worldwide. However, not many countries have signed and ratified the Convention.

Read more about Privacy International work on modernising data protection law.

Thursday 13 - 3:45-5:00pm: Data Protection and Refugees: Informed consent in asylum process and access to aid 

Refugees are the target of surveillance in host regions like EU and US, and often the organizations that are designed to protect them share information about them without their consent. Refugees must give biometric data, as well as very sensitive information about why it is that they left their country and why they are afraid to go back. This information might include details about war crimes, crimes against humanity, or sexual violence--information that is extremely sensitive and must be protected. In this session, we discuss about the viability of using informed consent as a basis for data collection in asylum process and access to aid.

See our report with the International Committee of the Red Cross where we found that practices of humanitarian sector are leaving aid recipients at risk.

Friday 14 - 12:00-1:00pm: AI and Privacy: Challenges and ways forward in the Global South

AI has been recognized as an enabler of the SDGs supporting States in the implementation of the 2030 Agenda. However, the deployment of AI in the Global South faces challenges and may bring about particular risks to the enjoyment of human rights, including the right to privacy. One key problem is that most of the debates around the opportunities and challenges afforded by AI are taking place in fora reflecting the views, experiences and interests of stakeholders from the Global North. Moreover, many countries lack institutional and legal frameworks for dealing with AI-related privacy threats. This roundtable will map challenges to the right to privacy brought about by AI in the Global South, addressing different related questions, whilst connecting key actors and identify the next steps to be taken.