Politics, security technologies, and civil society: the missing links
for freedom. Flickr/Ashiful Haque. Some rights reserved.It looks
like an ironic twist in history: liberal democracies at the beginning of the twenty
first century seem to emulate imploded communist dictatorships of the second
half of the twentieth century in their
surveillance and control practices.
The rapid
development and wide availability of technologies, such as telecommunication
data mining technologies, profiling and predictive analytics, biometric
identification and pattern recognition, location tracking technologies, as well
as surveillance in the form of unmanned aerial vehicles (UAVs) and closed-circuit television (CCTV), has
obviously increased the propensity of state agencies to make use of them.
Security
technologies enter into and transform the relationship between state bureaucracies
and society in a way unforeseen by Thomas Hobbes in the sixteenth
century, or by Michel Foucault
in the second half of the twentieth century. This ambivalent co-evolution of the
state-technology-society relationship has given rise to phenomena as different
as the Arab Spring and massive data retention practices by several national
governments across the globe. the economic and political stakes are thereby so high that such
phenomena become of geo-political, superregional salience.
Most
political efforts to cope with insecurities end up resorting to increased control, while citizens’ waning trust in public authorities often gets left out
of sight/ out of mind. Trust seems, however, to be a key factor in all security
strategies.
The ill-defined concept of security
Gradually
over the past decades, domestic and foreign dimensions of security have got
merged, and increasingly, more aspects of social life, such as health or the environment, and their connection with political realities across the globe became securitized, often under the label of “human security”.Gradually over the past decades, domestic and
foreign dimensions of security have got merged.
Thereafter,
the attacks of September 2011 in the US provided the master narrative for the emergence
of a novel kind of all-encompassing “homeland” security, or “security of the
citizens” paradigm, as the more colloquial term in Europe has it. In this
paradigm, distinctions between safety (referring to protection from accidents),
and security (referring to protection from intentional attacks), are getting increasingly
blurred, so that pre-emption appears to be the opportune strategy to cope with
the sources of threat.
Already centuries
ago, “security” probably had such fuzzy, ill-defined contours. But it is currently
becoming evident to more people that security strongly resembles a “wicked problem”. Wicked problems are
generally defined as the result of plural interests and value divergence among
stakeholders; institutional complexity due to multi-level and inter-organisational
governance; and, not least, scientific uncertainty regarding reliable
cause-effect relationships.
First,
the issue of uncertainty in reliably estimating
cause and effect and taking adequate action has given rise to risk,
vulnerability and resilience discourses. Second, there is the issue of the complexity of actors involved in
decisions, who occupy different regional, national, international governance
levels, and are embedded in different epistemic networks. And, third, an ambiguity in values occurs in the very
attempt to define and so agree upon desirable and acceptable security policy
objectives.
Those
three dimensions turn “security” and practices of security provision into a highly contentious field, where the problem
never enjoys unequivocal definition, and the available solutions dictate the strategies to address the problem, instead of vice-versa. There have been
several demonstrations of “clumsy” solutions given to current challenges to the
protection of urban critical infrastructure, border control, “illicit”
migratory movement and human trafficking, counter-terrorism and
anti-radicalization policies, transnational organized crime, and cyber-security. The efforts
by European and national agencies to cope with unprecedented immigration flows
by monitoring borders via location and tracking technologies, certainly
demonstrated poor grasp of background dynamics of the problem.
Politics: opportunism and reactive actionism
How do
decision-makers cope with the wicked triangle of complexity, uncertainty, and
ambiguity? Security policy is a high risk/high gain game for political decision
makers. Security policy is a high risk/high gain game
for political decision makers. As even one single accident or attack
might prove fatal for their careers and for the longevity of governments –
politicians and policy makers in agencies with a security-relevant mandate tend
to think in worst-case scenarios. Having said that, one should recognise the existence
of cleavages which run across political parties about issues of border control,
data protection, or public surveillance, but also of occasional controversies
among the executive, legislative, and judicative branches of government.
Not
least, one should take note of the tensions between policy makers in the
administration, often technocrats following bureaucratic routines, and
politicians, frequently captive to party politics, prone to shifting agendas opportunistically. Academic political analysts
often get this wrong, but policy makers care less about the consistency and coherence
of their strategies and measures, and focus instead on two very different Cs: compatibility and political commitment. Compatibility, in the
case of security policy, is sought with regard to policies in other fields,
e.g. justice, or industrial and trade policies, which are also vital for perceived
‘national’ interests and have to be reconciled with security considerations.
Commitment, on the other hand, is a result of advocacy coalitions which promote
specific framings of an issue, advancing it until it becomes a
security-relevant problem on the agenda. Both latter Cs reflect the workings of
politics behind the policies, even if
this makes policies appear to be incoherent and inconsistent, and also, at the end
of the day, ineffective.
Security
policies remain, due to at least some of the above reasons, almost always
reactive in character, and, despite respective political declarations, they
seldom live up to the claim to be proactive and anticipatory.
Massive
data collection and retention by national authorities has often been justified by security authorities as a pre-emptive measure, yet their link to effective prevention is far from being unequivocally documented and legitimate. Events such as terrorist attacks, or leaking revelations like those
reported in the media in the past couple of years, trigger (more) legislation,
and (new) measures in an actionist manner,
by which I mean that it is more important for politicians to be seen to be doing something than actually doing anything – preferably
announcing the intensification of one or other measure, or the introduction of
exceptional emergency provisions, in order to demonstrate in front of camera
crews that the state is in control of the critical situation. This
happens almost always after negative headlines appear in the media, and after
citizens get out in the streets to protest.
Actionist
and symbolic security measures dominate policy, and are usually passed through
parliament with TINA (There-Is-No-Alternative)
arguments. What is more, political decision-makers often drastically reduce the
complexity of security challenges by pointing e.g. either to concrete “weak spots” in
critical infrastructure grids, or to “suspect telecommunications” among
potential agents of terrorist acts.
By
pinning down the problem, policy makers furnish it with intelligible contours.
This enables them to promote particular solutions, even if the problem analysis
is based upon a simplistic diagnosis, and the solutions resemble – at best – symptomatic therapies. Such
solutions in security policy are premised most of the time on formulas of the
type “the more X we do, the more secure we are”,
whereby x often stands for “control”. However,
whenever security policy formulas of this type disregard second-order
non-intended effects of purposeful action, or laws of diminishing
returns, they turn themselves into security risks.
Security technologies: the mantras of high-tech
“Solutionism” and data “Collectionism”
The boom
in recent years of ICT research, combined with spill-overs from technologies
originally developed and applied for either defence or medical purposes, opened
up the possibility of transferring those or hybrid forms of technologies into the
civil security field. An example of that kind of “function creep” is heart-beat
detectors, first used on the Iraq war battlefield in 2003, which have ever
since found broad usage in border control for detecting living beings
transported in containers, but also in crisis and emergency management, for
locating survivors under debris.
Technologies
such as RFID ( radio frequency identification), location and remote tracking technologies, terahertz
radiation, or pattern recognition, have found wide “dual use” both for military
and civilian purposes in unmanned aerial vehicles (UAVs), body scanners, or
CCTV in public spaces. A similar ambivalence exists for deep packet inspection
and information extraction technologies (DPI), which may be used in
telecommunication interception at once for increasing the resilience and safety
of a network, for commercial advertising, but also for warrantless intelligence
and censorship purposes.
The
industrial supply of security-relevant technologies has gradually created and
consolidated the market demand for them, not least due to the allocation of research funding for their development and their endorsement by
public authorities.
The
global security industry, although not always easily identifiable or
distinguishable from its older and much better established defence ‘sister’, develops
security relevant products with a turnout of an estimated € 200 B, a major part of which comes from European industry. The security
technology sector, surveillance technologies in particular, has been a fast
growing sector even despite the financial crisis, with the demand from public
and private security providers rising year by year since 2010. A considerable
number of European policy makers see in the deployment of high-tech solutions
the major component for security measures. Moreover, this has proved
to be beneficial not only for export and industrial competitiveness policies,
but also for employment policies (an estimated 2.3 million people work in that
industry).
A related trap to that of technological
solutionism has been the (revealed) trend to indiscriminately collect huge
amounts of citizens’ transaction data. A related trap
to that of technological solutionism has been the (revealed) trend to
indiscriminately collect huge amounts of citizens’ transaction data. The
current mantra of “big data” mirrors the optimistic expectation in public
health, conflict management, and increasingly in public security, that
collection of more data processed automatically by algorithmic provide
security practitioners with reliable profiling of suspects and predictions and threat patterns.
Yet, so
far, this high-tech-solutionist and data-collectionist paradigm in security
policy seems to so far lack the plausible evidence base required to gain legitimacy. Evidence
about success in prevention and mitigation of attacks, but also about failure
and undesirable performance of security measures is rarely accessible, often
for “security reasons”, but also because effectiveness in performance is not systematically monitored. Is the application of all those
technologies in their concrete societal contexts fit-for-purpose in terms of delivery?
Or do security measures suffer from a “hammer-nail” bias, where the supposed security
challenges are being tailored to match the respective solutions? Are the deployed technologies effective and proportionate, that is, do benefits outweigh
costs? Last, and certainly
not least, are those technologies ethically acceptable and in line with existing
legal provisions?
Experience
so far has shown that with regard to screening and profiling technologies too
many type-I (false positives), and type-II errors (false negatives) occur,
which curtail their effectiveness, credibility and acceptability in practice.
It is also far from clear how security analysts navigate in the ‘soup’ of big
data in order to pick up the needle in the haystack. The volume of rapidly
accumulating data is overwhelming and it seems higly questionable that security
authorities can make sense or appropriate use of them. Can it be that, more often
than not, good old profiling methods, which definitely discriminate against
social, ethnic and religious groups, come into play? Are those technologies also effective and proportionate, that is, do benefits outweigh costs?
The demand
that security policies demonstrate when security tools deliver on their set objectives, and do not misfire, by being irrelevant or ineffective, causing opportunity
costs, or even backfire, by having
counterproductive boomerang effects, such as the violation of
anti-discrimination provisions and civil liberties, is legitimate.
Corrective measures promoted by technology developers and often readily accepted by
policy makers promise to reconcile security objectives with privacy requirements.
These comprise, for example, privacy-by-design (PbD) or privacy enhancing technologies (PETs) as add-ons. Something stays, nevertheless, in the blind spot of such approaches: using technological fixes to amend problems caused by
technologies themselves is caught in an infinite Red-Queen’s race. This paradoxical
effect of having to speed up in order to keep pace with these developments was sarcastically
described by Lewis Carroll in 1871 in the story of the red Chess Queen, who
instructed Alice: “Now, here, you see, it
takes all the running you can do, to keep in the same place.”
The citizens: do frogs in boiling water
come to mind?
Can it be that, more often than not, good old profiling methods, which definitely discriminate against social, ethnic and religious groups, come into play?Do
citizens run fast enough in order to save themselves from threats, but also in
order to escape all the undesirable consequences induced in our societies by
security technologies? The current picture is rather mixed across Europe. Unlike
the organized civil society and activist pressure groups for digital rights and civil liberties, which are well informed and actively engaged in promoting their
agendas, citizens in general do not seem particularly mobilized against the
negative consequences of intrusive practices by state authorities.
A recent
Eurobarometer survey on Data
Protection conducted in March 2015, revealed that almost 50% on average of
the respondents in the 28 EU member states had not heard about revelations
concerning public authorities which collected citizens’ data for national
security reasons (p. 23)
Half of
those aware of the recent revelations stated that they had had a negative
impact on their trust about the usage of their data, while 40% stated that
there had been no impact on their trust (p. 25)
In the Eurobarometer
survey regarding “Europeans’ attitudes towards security” conducted again in March 2015, the impact of
new internet, smart phone, etc. technologies upon the rights and freedoms of
citizens, but also upon the security of citizens has been assessed by half of
the respondents in both cases as positive (p. 49)
However,
55% of the respondents believe that fundamental rights and freedoms had been
restricted in the fight against terrorism and organised crime, while roughly
40% thought that no serious restrictions had taken place (p. 45)
Responses
to surveys fluctuate of course in time due to citizens’ reactions to events such as
attacks or revelations of unsolicited state activity. Citizens who otherwise thought that
the US government did not do enough to protect them, responded in July 2013
(after the revelations by E. Snowden) in
a survey conducted by the Pew Research Center saying that the government
had gone too far in restricting civil liberties. Citizens in general do not seem particularly mobilized against the negative consequences of intrusive practices by state authorities.
Citizens
ought to be the ultimate beneficiaries of security measures, and, in any case,
they are the ones who get primarily affected by them, although they have no
voice at the decision table.
Most
policy makers conveniently – and erroneously – equate important “societal dimensions” of security
with citizens’ acceptance of invasive security technologies. Something similar
occurs whenever “ethical” concerns are narrowed down to compliance with data
protection guidelines. In discussions about responsible security R&D, one
should not conflate acceptance of
e.g. surveillance technologies, which is always a snapshot of public opinion,
with its acceptability, which
provides a list of criteria for conditioning technology application in
correspondance to cultural values, principles, and laws.
Citizens,
furthermore, weigh and, explicitly or implicitly, make trade-offs in their preferences and priorities in terms of their
wish to be secure, but also to be active in social media and networks, or or to
conducti business. It might well be that many gradually get used to the fact
that circulating and exposing personal data increasingly and inadvertently becomes a normal
part of the everyday life. This development brings to mind, at the same time, the
brutal, but very instructive frog experiment. One frog is thrown into a pot
with boiling water: it immediately springs out and saves itself. A second one
is already in the pot from the beginning and gets gradually heated with the
water. It stays there and does not attempt to jump out before the water starts
to boil…
Security as a public good
It makes
a difference how security is framed each time by different influential
stakeholders from politics, industry, academia, to civil society. Is it about
securing borders and critical infrastructure? Is it about securing national
sovereignty and protecting citizens? Is it about freedom from fear? Awareness-raising
and informed public debates about desirable and undesirable security
policies, their benefits and costs to various stakeholder groups in society,
cannot be meaningful if one side reacts with ‘moral panics’ while the other conceals mistakes and does not seek
responsible and sustainable ways to address security threats, with society and not against it.
Security
is mediated and valorized by trust.
Even if citizens were to get used to the side effects of the increasing
application of security technologies, trust in public authorities would still define the relationship between
the state and the society at least as much as control. Trust
defines the relationship between the state and the society at least as much as
control. And from a governance perspective, the law of diminishing returns demonstrates an ominous security
paradox. When more invasive security controls are conducted, a tipping point
will be reached after which trust of citizens will be undermined instead of
being raised, and citizens will feel less secure.
The blind
spot in many political declarations about public security is that they neglect,
deny, or distract people from non-intended and non-anticipated impacts of the security
measures themselves. A medical metaphor from public health should elucidate
this point. Effective therapies are premised upon good diagnoses of the
disease, along with a clear understanding of the ultimate goals. Even the best
medication can unfold its beneficial effects only if applied properly and in a
proportionate manner within a narrow zone of cases. It can be ineffective, full
of side-effects, or even lethal if used to cure all the other cases. Needless
to say, the active cooperation of the patient is almost always crucial for the
success of the cure.
Unlike in
the field of public health, evidence-informed decision-making for checking the effectiveness
and efficiency of measures is largely missing from public (and also
international) security strategies, so that some obvious mistakes are being
repeated again and again. ‘Evidence’ encompasses here a broader knowledge base
than purely scientific facts, and includes values and principles, minority
group concerns and sensitivities, and also cultural and institutional
realities.
The more
complex, uncertain, and ambiguous the policy challenge is, the earlier, and the
broader the engagement of societal stakeholders should be. To be sure, this
will not make issues such as counter-terrorism, border control, or surveillance
and data retention less contentious, or their politics less adversarial. Security,
privacy, ethics, fundamental rights will remain moving targets for national and particular international policies and regulations, and will resist once-and-for-all settlement. Yet, turning civil
society from passive addressee of policies into active agent will help to ground
security practices to the everyday realities of the citizens. To foster
dialogue about insecurities and the appropriate ways to address them, all sides
should overcome simplistic stories that impede open dialogue about what should
be regulated and how.
Engagement,
when it comes too late, often takes the form of protest. Many wish that
citizens could get mobilized earlier with a constructive view on the future,
and reflect upon how their lives should be in 10 or 20 years from now. In equal
access multi-stakeholder exchange, political decision-makers should consult
about desirable and feasible goals of security measures, about valid diagnoses
and rankings of security threats, as well as about legitimate, accountable, and
effective security policies. Inclusive ways of exchange in democratic contexts
should help to minimize populist ideological assertions, or particularistic
accounts of private interests, and enable security policies to adhere as closely
as possible to an identifiable public interest.
While
increasing technologization tends to depoliticize and commodify security, this
is the point in time where polities should start thinking of security as a public good, where all involved are
potential winners or potential losers.
There is an acute and growing tension between the concern for safety and the protection of our freedoms. How do we handle this? Read more from the World Forum for Democracy partnership.