2:00 PM - Panel 3 - Privacy and Encryption Online
Moderator: Deborah Hurley, Harvard University Information Infrastructure Project
David Banisar, Policy Director, Electronic Privacy Information Center Ulf Bruhan, European Commission, DG XV David Jones, President, Electronic Frontier Canada and Computer Science Professor, McMaster University Viktor Mayer-Schonberger, University of Vienna, Austria / Kennedy School of Government, Harvard University. Jim Savary, York University

Report by Yaman Akdeniz, lawya@leeds.ac.uk, Cyber-Rights & Cyber-Liberties (UK)

Ms Hurley, the moderator of this session, said that privacy online is tied with privacy in the physical world. Technology is facilitating the desire to eavesdrop on communications but we do not want usual day life communications to be heard all the time. Ms Hurley is also involved with providing NGO participation to the OECD Ministerial conference which will take place in Ottawa following today's GILC conference.

David Banisar, Policy Director, Electronic Privacy Information Center, launched a new report which he is one of the primary authors. The report is a Global Internet Liberty Campaign publication and entitled "Privacy and Human Rights: An International Survey of Privacy Laws and Practice," October 1998, at http://www.gilc.org/privacy/survey/ written by Privacy International with a grant provided by the Open Society Institute. Banisar is also the co-author of a book entitled The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance, New York: John Wiley & Sons, 1997.

Banisar stated that the new Privacy and Human Rights report reflects an earlier GILC report entitled "Cryptography and Liberty: An International Survey of Encryption Policy," Washington DC, February 1998, at http://www.gilc.org/crypto/ crypto-survey.html.

Banisar, coming from an insignificant small country called the USA with no privacy laws stated that his small country prefers self regulatory solutions for online communications and according to Banisar, the "US is out of step with the rest of the world" and this has been shown in the newly launched study by the GILC.

This new report provides details of the state of privacy in fifty countries around the world. It outlines the constitutional and legal conditions of privacy protection, and summarizes important issues and events relating to privacy and surveillance. Among its key findings:

Privacy is a fundamental human right recognized in all major international treaties and agreements on human rights. Nearly every country in the world recognizes privacy as a fundamental human right in their constitution, either explicitly or implicitly.

New technologies are increasingly eroding privacy rights. These include video surveillance cameras, identity cards and genetic databases.

There is a growing trend towards the enactment of comprehensive privacy and data protection acts around the world. Currently over 40 countries and jurisdictions have or are in the process of enacting such laws. Countries are adopting these laws in many cases to address past governmental abuses (such as in former East Bloc countries), to promote electronic commerce, or to ensure compatibility with international standards developed by the European Union, the Council of Europe, and the Organization for Economic Cooperation and Development.

Surveillance authority is regularly abused, even in many of the most democratic countries. The main targets are political opposition, journalists, and human rights activists. The U.S. government is leading efforts to further relax legal and technical barriers to electronic surveillance. Moreover, the Internet is coming under increased surveillance.

Ulf Bruhan, of the European Commission, DG XV said that the Internet cannot be easily regulated. However, he stated, there is a need to create a regulatory environment for electronic commerce.

David Jones, Computer Science Professor, McMaster University and President, of Electronic Frontier Canada (http://www.efc.ca) presented his paper entitled "Canadian Cryptography Policy in the Global Context," focused on the newly announced cryptography policy. Jones stated that cryptography is not a secret and cryptography is needed for several good reasons including the protection of human rights issues and organisations who may wish to conduct strategic planning over the Internet.

"Our fundamental right to use encryption flows, not only from our right to privacy, but also from our rights to freedom of expression, freedom of association, and freedom of the press" said Jones.

Jones showed a diskette with a computer program on it. This program implements a strong encryption algorithm known as Blowfish, which supports keys up to 448 bit in length. "Is this strong encryption program a form of speech?" asked Jones.

"Instead of arguing about the semantics of whether programs are more functional than expressive, the focus is on whether or not the government can come up with a sufficiently persuasive justification for its restriction, and show that their limits does substantially more good that harm."

Professor Jones concluded by saying that "cryptography is not a weapon, and as the GILC has argued recently, it has no place in an international arms control treaty like the Wassenaar Agreement. Cryptography is an inherently defensive technology, that allows the protection of valuable information assets."

Mr Mayer-Schonberger explained the Austrian Draft Digital Signature Act which he was involved and said that this was widely supported within Austria. It was, however, opposed by the Austrian Ministry of Justice and Ministry of Interior together with the Federal Chancellory for obvious reasons of crime prevention.

Mr Mayer-Schonberger also explained the privatizing enforcement for Internet content and the various pressures on ISPs for content regulation and wiretapping.

James Savary, of York University (http://www.yorku.ca) and Consumers Association of Canada presented his paper entitled "Protection of Personal Privacy: The Canadian Approach," highlighted the essential elements of data protection and these consist of ownership, oversight and redress. Oversight issue will be controversial according to Mr Savary as an outside body to provide oversight is needed. This cannot be complaint driven. Therefore, oversight should be proactive, not merely active.

Redress is another difficult issue and there should be alternatives to court with tribunals, arbitration and mediation.

The Canadian approach is based on framework legislation with references as a standard or model code and this was tabled in October 1998 and they are consistent with the OECD Guidelines for Privacy. It initially applies to the federally regulated private sector; after three years it will apply to all Canadian private sectors. The new legislation builds in internationally recognised principles of good data protection.

Despite its weakness in implementation, a standards approach to privacy offers considerable promise at an international level. Canadian policy should be to continue to promote these issues at an international level.

Final Remarks by the author:

Privacy remains the far most important issue related with Internet policy making and the panel described various proposals at various levels including national and international proposals.