Terrorism and organised crime are evolving phenomena with high societal impacts. Increasingly, criminal organisations use new technologies to strengthen their capabilities to support their activities, such as phishing kits and malware.
As emphasised by Europol
for almost all types of organised crime, criminals are deploying and adapting technology with ever greater skill and to ever greater effect. This is now, perhaps, the greatest challenge facing law enforcement authorities around the world, including in the EU (Europol 2017)
Law Enforcement Agencies (LEAs) have to “stay ahead of the curve” of the use of new technology by organised crime and terrorist groups.
Trilateral Research is working with the COPKIT project to support LEAs in reducing crime and terrorism by using data-driven policing technologies.
COPKIT constitutes a multi-stakeholder consortium bringing together industry, academia research and technology organisations (RTOs) and end-users, LEAs, as the key partners. The COPKIT solutions help to explain how the crime is evolving, identify “weak signals” or trends and send alerts about new risks. Therefore, the COPKIT approach focuses on preparedness, mitigation, prevention and other security policies.
Nevertheless, the use of technology by LEAs raises several ethical, legal and societal questions with serious implications for the relationship between LEAs and citizens.
Trilateral works on addressing ethical, legal and societal challenges related to the envisioned use of COPKIT as a law enforcement investigation tool.
Data
What types of data and how ought the data available to the police be used by LEAs? Who has access to this data within and outside the police? Which data sources are used? To what extent is our digital footprint, such as our activity on social media, private and can it be used unconditionally? What are the legal limits of citizens profiling?
Transparency
How can predictive algorithms reach their conclusions? How do the analyses work? How are they used? How effective are they in contributing to the uncertainty?
Inaccuracy, automation bias and discriminatory results
To what extent may data-driven policing tools contribute to the stigmatisation of people (vulnerable and minority groups and individuals) and places (hot spots)? Could such information as our postal codes, age, sex, race, employment status, social and family situation be used as proxies for criminality? How to design such tools to minimise victimisation? How to reduce automation bias, where human decision-makers defer to computers and accept recommendations that may be incorrect or biased?
Trilateral’s integrated data protection and ethical impact assessment
How to avoid misuse of data-driven policing tools either by criminals or by the public authorities in undemocratic countries for surveillance of their political “enemies”?
Consequently, the potential for enormous benefits of data-driven policing tools is coupled with considerable risks.
Like all tools that collect and process potentially personal data, COPKIT may interact with the rights and freedoms of individuals – in this case, cybercrime victims, perpetrators or other Internet users.
Trilateral proposes an integrated data protection and ethical impact assessment (E+PIA) of COPKIT technologies to achieve responsible use and innovation. Moreover, the COPKIT technologies require a privacy-by-design approach during the technology development and a consideration of data ethics to create a proportionate tool for related law enforcement activities.
An integrated E+PIA spans throughout the lifecycle of a project from the early design stage to the deployment of the product or service. By taking an integrated and interdisciplinary approach to E+PIA in the COPKIT project, Trilateral provides their expertise and support at every stage of the project following ethics-by-design principles. The potential ethical, legal and societal considerations are being addressed starting from design and development activities, and we will continue during the piloting of the COPKIT tools. We work in close cooperation with COPKIT partners and other stakeholders to understand and respond to their needs.
To that extent, Trilateral proposes that the foresight is conducted at two levels:
(1) E+PIA conducted by experts in law, ethics and societal impacts to ensure a high standard of the analysis
(2) a self-assessment tool for LEAs
Preliminary results
So far, as part of the E+PIA, Trilateral in cooperation with the COPKIT partners has analysed ethical, legal and societal requirements to ensure that the developed eco-system respects ethical principles, including privacy, as well as EU legal and societal requirements.
We have identified three major European acts, which should guide the COPKIT tools’ development:
(1) the Charter of Fundamental Rights of the EU
(2) the General Data Protection Regulation (GDPR)
(3) the Law Enforcement Directive, which sets forth numerous provisions that need to be respected, such as fundamental human rights including dignity, non-discrimination, privacy and data protection.
Moreover, the COPKIT project should follow six privacy principles established by the GDPR and the Law Enforcement Directive, namely: lawfulness, fairness and transparency (personal data processing); purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality.
Since data-driven policing tools increasingly use artificial intelligence (AI), they should consider ethical guidelines regarding the use of AI. To date, there are no specific principles for the use of AI in policing. Nevertheless, such tools could follow the principles drafted by the High-Level Group of Experts on Artificial Intelligence (HLEG AI), established by the European Commission.
Next steps
In the upcoming months, Trilateral will focus on solutions for mitigating potential risks related to the COPKIT tools. Moreover, we’re developing a self-assessment tool for LEAs to build co-ownership of the COPKIT tools and enhance self-reflection.
Contact our team to know more about our research in this area.
