This week end, I listened thoroughly to this podcast (video here) about the antagonism existing between security & privacy and I was thinking all along not getting the debate to some extent translated into other languages would be very unfortunate. I believe I could intervene in sharing it to the visitors of the CIPP Guide.
The participants tackle the deployment of cameras over Paris, face recognition, RFID usage etc. This is part 1 of the discussion, introducing the participants and the organizations they represent.
Summary of the debate “Sécurité ou Vie Privée ?” (ed: Security or Private Life) moderated by Mathieu Vidard (MV)
“Security or Privacy?”
- Do we have a choice any longer?-
Isabelle Falque-Pierrotin (IFP) – Vice-president of the French Data Protection Authority (CNIL)
Stéphanie Lacour (SL) – CNRS researcher
Meryem Marzouki (MM) – CNRS researcher
Jean-Luc Dugelay (JLD) – EURECOM researcher
Jean-Marc Manach (JMM) - internetactu.net
MV to IFP – What is the role of the CNIL?
IFP – The CNIL plays a critical role in protecting individual freedoms in the digital world. The CNIL was founded in 1978. At that time, files already existed, in particular in administrative offices and nobody really knew how they were put together. As a result some worries started to surface in France especially when the “Plan Calcul” (ed: Calcutta Plan) was launched and the idea of a unique identifier per individual working across all administrative department emerged. The creation of the CNIL appeared as an answer to these worries. It represents the first French step for setting rights over administrative files. In 2004, the law enacting the foundation of the CNIL was severely amended. This reform substantially altered the role of regulator owned by the CNIL. What is crucial to understand is that such role has to be completed by the commitment of individuals and companies.
MV to IFP – So first of all, your role is about informing people, checking, regulating and taking measures.
IFP – Absolutely, this penalization capability has been granted to the CNIL in 2004 since the Commission can decide economic sanctions against personal data processing which don’t abide by the law of 1978. Besides, the educational role is more and more important as they are files anywhere. There are public files but also a proliferating set of private files.
As opposed to the year of 1978 when 90% of the CNIL activity was about public files, today 90% of its activity is related to private files.
MV to MM – Myriam Marzouki, may I ask you to introduce the IRIS organization?
MM – IRIS means Imagine a Solidary Internet Network. The organization exists since 1996. We’re defending and promoting human rights and fundamental freedoms within IT-related activities and networks. To go on from the statement of IFP, the CNIL was founded after the very first public scandal concerning files in France. The second public scandal of the nearly same intensity came last year (2008) with the Edwige files project and thanks to a very strong citizen mobilization (around 2000 organizations) the project was withdrawn so far. And now we’re about dealing with other proposals and law projects.
MV to SL – Stéphanie Lacour, which are the technologies on top of which you are driving today your research?
SL - I am inclined to think that the topic we are discussing: Security versus Privacy is difficult to consider in very general terms, at least in my opinion it is, so I try to address it under the perspective of specific technologies and I am interested in seeing how these very material technologies (chips, nanotechnologies) impact privacy protection and the conservation of a balance established by the law of 1978 between data security, privacy protection and other imperatives such as economic or public ones. I focus on these challenges in terms of new technologies or given technologies in particular.
MM - We will talk about the citizen rights in regards to the circulating data in Navigo pass for instance. JLD, could you please do the same thing, quickly introducing EURECOM (Nice).
What kind of research do you conduct?
JLD – EURECOM is a school founded in 1991 with a heavy international call. The organization comprehend an economic interest group with an industrial department and educational department. Our research activities touch mobiles, multimedia, security, networks, new technologies in general. I am a specialist in image processing for security technologies such as digital tattoos, biometrics and video surveillance. Our goal consists in unlocking technologies to make progress in these fields.
MM - Finally, Jean-Marc Manach, what are your expectations as a journalist and blogger
JMM – I’m actually forming part of a group called Big Brother Awards, rewarding those who shine in impairing privacy or promoting surveillance. For ten years, we have been documenting year by year, the most protruding projects, law projects, technologies or companies and I mostly agree with what was said before namely it is quite uneasy to encompass this problem of security relatively to privacy in a large way as it is fuzzy. Nonetheless I can tell that the law of 1978 was adopted after an exposure in connection with police files called Safari Files, hub of every French administrative files. Today and since the adoption of the law of 2004, the police filing activity got dramatically bigger. Within three years there was a 70% positive increase in police filing activity. Even “Informatique et Libertés” (ed: Information Liberty) laws and the CNIL doesn’t prevent police filing from persisting though last year something that happened along with Edwige.
On the other side, administrative files are interconnected. There is more and more interconnected social files. At the technology level, more and more scientists are working on using biometrics, video surveillance, RFID chips and nanotechnologies for security purposes, marketing (like they say to improve customer relationship) or creating fun things to manage playing down these monitoring technologies, which are a bit scary, so that it can be massively sold out. We should not forget that all security technologies are intertwined with prosperous markets and business, which doesn’t really suffer from crisis.
MM - Ok, I think it is nice introducing what you do in detail. Are there already some questions?