As Internet usage expands from PCs and smartphones to wearables, connected cars, and smart homes, cyber security is becoming an increasingly important aspect of our daily lives. It affects us on an individual basis as well as a community. We voluntarily give our data to companies in order to receive services free of charge, but we are also under surveillance without our knowledge. The more we share our data, the more we lose oversight of who has access to what, and whether access to this data will be used to protect or attack us. How can we defend against cyber threats in the future and achieve a balance between the protection of privacy and our desire to feel safe?
On May 21, 2015, legal and technical experts from the Washington and Lee University School of Law, Albert-Ludwigs-Universität Freiburg, and Leipzig University convened at the German Center for Research and Innovation (GCRI) in New York to address these questions during a panel discussion on cyber security and ethics. This panel was moderated by Prof. Steve M. Bellovin, Percy K. and Vidal L. W. Hudson Professor of Computer Science at Columbia University. Dr. Joann Halpern, Director of the German Center for Research and Innovation, welcomed the speakers and opened the discussion by introducing the topic and addressing some of its current challenges. Prof. Peter-André Alt, Director of the German U15 e.V., then briefly presented the work of his association before handing over the floor to the speakers.
Prof. Stephanie Schiedermair, Chair of European, International, and Public Law at Leipzig University, examined the issues concerning cyber security from a legal point of view. She explained that cybercrime is usually an international act, which makes international law especially suited to fight it. She compared practices in Germany to those in the U.S., and said that German law has more binding regulations for companies to provide higher levels of security, whereas U.S. law primarily asks for self-regulation. While Prof. Schiedermair found international law to be the best suited to addressing cybercrime, she also noted some problems in its implementation. The variety of legal systems and perspectives of different countries makes it difficult to bring nations together to establish international treaties. It can also be very challenging to find the perpetrator of the cyberattack in the first place, which is to date one of the fundamental issues. She concluded by stating that lawyers will continue to rely on the help of technical experts in the future to overcome many of the challenges.
One of these experts, Prof. Günter Müller, Director of the Institute of Computer Science and Social Studies (IIG) at the Albert-Ludwigs-Universität Freiburg, gave the next presentation. He began by quoting Tim Berners-Lee, a British physicist and computer scientist, who stated, “the Web is critical not merely to the digital revolution, but to our continued prosperity—and even our liberty. Like democracy itself, it needs defending.” For Prof. Müller, “defending” means that every company that possesses data about an individual should delete the data when a customer asks it to do so. In his talk, Prof. Müller also summarized how the Internet has been perceived at different points in history. In 1969—the year of early-stage Internet—the Internet was primarily understood as a platform for, “information transfer to everyone without borders;” in 1996, the Internet was viewed as a way to, “share information with everyone.” Prof. Müller found neither of these statements to be entirely true anymore and said that this universal concept of the Internet now ceases to exist. He compared the exclusive access of data that companies collect about us to a wall that keeps us away from information. He concluded by demanding that user migration between companies should be allowed and data should be accessible to all. Using the words of former U.S. president Ronald Reagan, Prof. Müller exclaimed: “Tear down this wall!”
Prof. Russell Miller, Professor of Law at Washington and Lee University School of Law, discussed the issue of how notions of privacy varied by country, comparing Germany and the U.S. in particular. For example, some German universities have given honorary degrees to Edward Snowden and some German cities have even named streets after him. In the U.S., however, the Snowden issue has either been met with disinterest or dismay. Prof. Miller found two reasons for this: First, the countries’ different histories and political cultures, and second, the differences in constitutional law between the two countries. Much of the dismay in Germany builds on the assumption that Germany and the U.S. share a common cultural background in terms of values, but one of the lessons of the Snowden affair is that we may have very different values, especially with regards to constitutional differences concerning privacy. The constitutional texts are different as is the jurisprudence by the highest courts. Both constitutional regimes strive for a very different understanding of a state under the rule of law. At the end of his speech, Prof. Miller asked: “Is it true that the German constitution is providing more protection of privacy? And is the Germans’ assumption that their constitution provides more protection true or false?”
Prof. Müller and Prof. Schiedermair both agreed that German law does not in fact account for more privacy. Prof. Müller explained how data collection has become a personal choice with people deciding, for example, to click “Agree” on a website’s “Terms of Services,” which technically makes them accountable for the sharing of their personal data. In response, Prof. Schiedermair called for data protection laws that are less complex and sophisticated and more practical. Another point of discussion was how to define security and privacy. Prof. Miller argued that security is fundamentally socially and legally contextual. If the political elite are isolated from their electorate, then they have more flexibility to decide how much security they owe the public. He stated that this could be observed when looking at the German government’s reaction to the Snowden revelations. When it was revealed that the NSA had conducted surveillance on German citizens, the government kept relatively quiet. Only when the news broke that the NSA had wiretapped Chancellor Merkel’s cellphone, did the government strongly react. “Security requires sensitivity to history and political culture, so that rules out a universal solution,” Prof. Miller concluded. In the Q&A that followed, the speakers fielded questions from the audience that ranged from the feasibility of international collaboration on cybercrime to the ethical implications of mass data collection.