The Contested Semantics of 'Security' and the Curious Case of Privacy Impact Assessments applied to National Security Initiatives

Conversations about security generally involve people talking at cross-purposes. The reason for this is that the meaning of the term 'security' is relative to the particular values that particular stakeholders perceive in particular assets, and the particular harm that those values might come to. Yet people seldom take the trouble to clarify which stakeholders, assets, values and harm they are talking about, even to themselves, let alone to other people.

National security initiatives inherently involve clashes among alternative scope definitions. At the very heart of the matter is the conflict involved in constraining human rights in order to protect them. Appropriate decision-making about national security initiatives is therefore entirely dependent on the application of an effective evaluation process.

Results are presented of a survey of Privacy Impact Assessments (PIAs) undertaken in respect of Australian Government national security initiatives. Despite the enormous intrusiveness of these initiatives into the rights of everyone in Australia, and the (to date) rare incidence of their use, the evaluation processes are shown to have been uniformly and seriously inadequate. Both the legislature and the executive have failed their obligations to Australian society. They continue to blindly accept a narrow and heavily biassed conception of security, and fail to impose either pre or post controls on the club of national security agencies.

Roger Clarke is an independent consultant in the strategic and policy implications of advanced information technologies, with a particular focus on eBusiness, information infrastructure, and dataveillance and privacy. He is a Visiting Professor in Computer Science at the Australian National University (ANU), and a Visiting Professor in Law at the University of New South Wales (UNSW). He has also held Visiting Professorships at the University of Hong Kong (2002-07), the University of Bern, and the University of Linz.

Agenda

| 8:30 – 8:45 | Welcome (Dariusz Kloza) | | --- | --- | | 8:45 – 9:30 | Keynote: Roger Clarke | | 9:30 – 9:50 | Discussants (Lee A. Bygrave & Rocco Bellanova) | | 9:50 – 10:30 | Open discussion with the audience |

This seminar is organised in the framework of the LASIE (Large Scale Information Exploitation of forensic data) project.

The seminar is organised in collaboration with the Norwegian Research Center for Computers and Law (NRCCL) at the University of Oslo in the framework of the SIGNAL (Security in Internet Governance and Networks: Analysis of the Law) project.

(At 14:15, Roger Clarke will speak about Regulatory Failures in the Security Space: Some Current Cases at NRCCL at the University of Oslo.)

A light breakfast will be served from 08:15 onwards. Welcome!