Hey all, below are the questions we came up with after our Tuesday Meeting
and which was asked to the project director here at York. In the next days
we'll send around an overview of the answers, since the conversation was
informal, ie off the record.
Introduction
INDECT is a document analysis tool through Natural Language Processing to
create identities of people, their relations and events at which they
participate based on a data source. The following questions will be asked
to Suresh Manandhar of CS UoY, the possibility of this interview is given
only if answers are strictly off the record. The questions have been
formulated by members of the Free Culture society at the University of
York.
Questions
1) Doesn’t the Indect Project practically change the architecture of
the internet in a restrictive way, if individuals habits and behaviour
can be tracked and correlated simultaneously across the entire
network?
This project makes further development in making code the law.
This can be seen for example in an “event paired with a salient entity”
19/41 4.1
“co-reference resolution” 11/41 4.1
“Tag prediction for conversion” Supervised machine learning, translating
the internet 27/41 4.1
2)How will you avoid and elimate from a database false positives,
spamming and spurious responses and dubious accuracy of statements
e.g. seperating jokes/parody from serious threats, “Google bombing” or
malcious campaigns to ruin an individuals reputation?
For example “Joking and Spartaco on Twitter” 33/41 4.1
“Person inherits properties from agent and object” -hasRelative 4.1 31/41
3) Collect(monitor) information on everybody even innocent?
Achieved by ACE + Ontology = Extensibility
ACE characterized by:
-# of different entity types
-relations between them
-events in which entities participate
“Bidirectional many-to-many type” 33/41 4.1
4) Even though INDECT may be guided by rigorous ethics, how can you
ensure that others do not replicate a less ethical system with the
information and algorithms you will publish during the project? In
that way the technologies developed could be contributing to a
supression of legitimate protest, e.g. Chinese police forces using the
project to improve the effectiveness of monitoring human rights activists.
5) For how long will data of people who are not suspects or eliminated
will be kept for? The Data Protection Act mandates that data must be
only kept for specific purposes and deleted when no longer
required. But if data is deleted regularly to meet this legal
requirement, how much use will the system be in making correlations
with past behaviour?
“Fact of highlighting no legal consequences, no permanent record would
be kept” 2/2 Ethical focused
6)Why does the Ethical issues paper has 8 instances of “Police” and not even
one explaining the system from the users point of view?
7)Would copyright infringement be a “justified reasons for
interference”? 8/30 D0.5
“Registration and storage of only situations related to a threat,
collecting ALL(clarify) monitored situations” 8/30 D0.5
8)Isn’t transparency, correctness and privacy partly obscured or brought
into question when you say:
“No issues that could impact negatively upon
-Law enforcement capability
-National Security
-Public Safety
-Organisational reputation
should be published in the public domain” 10/30 D0.5
leading to:
9) Why is this project then being funded as R&D and not as a security
project? In the intelligence community, are there not already
monitoring systems for serious crime which partially accomplish
INDECT’s end goals or more? e.g. Echelon. It may be seen as a waste of
scarce
research money to redevelop this technology from the ground up when
the intelligence services have already built up significant experience
in combating serious crime e.g. terrorism through electronic surveillance.
10)Doesn’t automatic detection and recognition of criminal behaviour,
real time alert have a possibility of targeting someone before a
crime is committed on the basis of statistical likelihoods? 11/30 D0.5
11) Do “hackers” include people who incur in copyright infringement?
12/30 D0.5
12)Why would Facebook and other social networks make data
available voluntarily, given the negative publicity they have already
suffered
over privacy problems, and the potential for further backlash from
users? Is there a possibility that INDECT involvement may merely be
hidden away in a privacy policy with a auto check-box which no-one
reads, and thus information might be collected without user’s real
informed consent on such social networks? 12/30 D0.5
13)Does “criminal actions on the internet” include filesharing of
copyrighted content, distribution of legitimate security engineering
tools etc? 12/30 D0.5
14) Isn’t this project aimed at cataloguing a majority of people who
have nothing to hide? Wouldn’t all serious criminal gangs and
terrorist use encryption techniques, which you say will not be
scrutinized for data? Alternatively, once real systems based on INDECT
are deployed and publicised, is it not more likely that serious
criminals using plain-text would shift to custom codes e.g. using
special slang or Internet “lol-speak” that would confuse natural language
processing algorithms?
15)Just because I might be a suspect for a possible crime does that
mean the police should profile all my life, without specific evidence
linking me to the crime?
“Profiling suspected figureheads even with anonymous identities […] is
expected” 12/30 D0.5
16) Why is INDECT being funded as a research project but treated as a
security one. Will it comply with the Data Protection Act, so that
someone considered a suspect and then found innocent can check the
data that is being held about him, or will it be classified under
prevention and detection of crime?
17) ”INDECT researchers do not hold and do not intend to hold data
normally requiring a warrant or court order”(13/30 D0.5), what about
in the real system? Is a checks and balance system, e.g. judicial
review being designed as a core part of the project to monitor its
final usage?
18) “No personal data is being processed […] at current phase of
project realisation” 17/30 D0.5 isn’t conflicting with what is being
written regarding video monitoring systems installed in the Warsaw
Metro(28/30 D0.5)?
19)Could police partners be the Chinese police? 18/30 D0.5
So in the end the police will glue this project to reality?
20)Considering the ease of accessing information, who would audit logs
of INDECT lookups to make sure the threat was proportionate? For
example, the RIPA survillance powers in the UK were initially
introduced to combat similar threats to INDECT, e.g. terrorism and
paedophilia, but ended up being used to allow local councils to
monitor minor offences e.g. litter/dog fouling? Is there not a risk
that with target-driven policing and the mass monitoring capacity like
INDECT provide, it will ultimately be used to “trawl” for suspects as
a first stage, rather than a tool for targeted investigation? FAQ
21) “Detection of websites, blogs, forums that promote illegal
activities” include copyrighted content? 9/55 4.3
22) Does “email analysis” as specified in 34/55 4.3 mean that
“classified data”(6/7 FAQ) information will be analysed?
23) Can the analysis of “sequential patterns of network events” (42/55
4.3) be used for tracking for example P2P users sharing content? Is
using P2P networks even for legal purposes e.g. distributing Linux DVD
images, and use of anonymiser networks e.g. Tor going to eventually
become a risk factor and potential indicator of wrong-doing?
24)Doesn’t the phrase “INDECT is a research project, not an
implementation project […] rather than production phase product”
(18/30 4.3) conflict with “One of the main criteria for accepting
financial support from the EC for research done within INDECT and
similar project are prospects for practical implementation of research
outcomes” (3/7 FAQ)?
25)Doesnt avoiding interviews on the record spark doubts about the
intentions of the project itself? If monitoring networks based upon
INDECT demand transparency from citizens, isn’t it fair the public
receive full transparency from those involved in developing and
implementing these systems?
_______________________________________________
Discuss mailing list
[email protected]
http://freeculture.org/cgi-bin/mailman/listinfo/discuss
FAQ: http://wiki.freeculture.org/Fc-discuss
