Data mayhem

© Shutterstock
© Shutterstock

Europe is pressing for national information systems to be made interoperable whilst at the same time developing data mining tools capable of finding and analysing vast amounts of data from different sources. The digital age is opening up a host of possibilities to security services. But strict guarantees for the protection of personal data are still lacking.

They lurk in the shadow of Europe and go by the benign-sounding acronyms of VIS, EURODAC and SIS. These are actually three gigantic databases to aid the forces of law and order in a borderless Europe. While the Visa Information System (VIS) archives biometric data on visa applicants (fingerprints and digital photos) and EURODAC stores data on asylum seekers and illegal immigrants, the Schengen Information System (SIS) contains information on individuals and objects sought by national judiciaries. Supplied with data by all Europe’s security services (only those in the Schengen area in the case of the SIS), the systems are not interconnected despite sharing the same technical platform.

Interconnection or interoperability?

Although there is no lack of eagerness to merge all these different types of data, over and above any technical difficulties that it might pose, full interconnection between these systems is prohibited under European legislation on the protection of personal data, which stipulates that data should not used for purposes other than those for which they were collected. Nonetheless, it would be possible to make the systems interoperable: there is nothing to prevent the use of software that can cross-interrogate these different data files from a single work station, incorporating and analysing information drawn from multiple sources.

Although the European HiTS/ISAC project (Highway to Security: Interoperability for Situation Awareness and Crisis management) is not directly connected with these European databases, it studies the feasibility of such infrastructure for sharing information among security agencies. A data mining tool extracts information from a number of different data files and links them together. HiTS/ISAC is currently in the demonstration phase and can be used to draw graphs depicting the relationships between different individuals and to pinpoint characteristic structures of criminal or terrorist networks.

Far from impregnable

The sheer scale of European information storage systems and the interoperability of numerous existing databases inevitably raise a string of privacy questions. It explains the public’s mistrust of these technologies. In France, the Edwige police database for retrieving information on all kinds of activists from age 13 has been met with public outrage and, in Germany, the archiving of communications and the creation of a vast ‘antiterrorist’ database have provoked a wave of protest. The United Kingdom is also regularly assailed by ethical questions concerning its database of DNA fingerprints from 4.5 million individuals involved in major or minor crime.

No wonder people are up in arms. How much trust can be placed in digital data storage tools when, in 2007, Her Majesty’s Revenue and Customs in the United Kingdom simply mislaid the personal data of 25 million individuals or when, in 2008, confidential information on 30 million Deutsche Telekom clients (including their bank card numbers) appeared on the Internet for 48 hours?

“The biggest danger is not that these tools could be used by officials who are unscrupulous about civil liberties, but that they are not secure from external intrusion or negligence,” says Juliet Lodge, European policy expert at the University of Leeds (UK). “The architecture of these security systems ought to be impregnable, which is not the case at present. The outsourcing of data storage to external (sometimes private) organisations and the vague rules on access between the various European services pose real security problems,” she adds.

Legislation struggles to keep up

Not only does Juliet Lodge warn about the insecurity arising from some of the obsolescent and incompatible computing tools used in Europe, she also says there is “insufficient political awareness of the issues associated with these technologies, which rely on obsolete legislation that differs widely from one Member State to another.” Dr Peter Hobbing, Associate Senior Research Fellow at the Centre for European Policy Studies (CEPS) in Brussels, agrees. “At present, these databases are not regulated by any overarching European instrument. It is one of the factors that make information leaks more likely.”

While this lag between information technologies and the capacity of legislators and society to decipher the real issues is critical when it comes to illegal downloading from the Internet, it is all the more critical when what is at stake is the identity or privacy of citizens. At a time when biometric passports are about to be introduced throughout the Union and a second version of the VIS is set to be launched, which will increase the potential number of connections and open up the system to other security agencies (including EUROPOL and EUROJUST), “it is no longer a question of exposing Big Brother, but of finding out who controls him and how,” says Juliet Lodge. She is calling upon members of parliament to take up the issue urgently. This position is supported by the European Parliament’s Committee on Civil Liberties, as well as the European Data Protection Supervisor (EDPS).

François Rebufat


Read more

Crisis simulation

“As crises in urban environments can prove extremely complex, leaders and operatives must be prepared to cope with difficult-to-foresee critical situations,” says Olivier Balet (FR), head of the CRIMSON software package (Crisis Management Simulation) at French firm CS Systèmes d’Information. This crisis simulator, developed as part of the preparatory actions for the seventh framework programme, uses real geographical data to reconstruct an interactive 3D simulation of complex crisis and contingency scenarios that would be difficult to recreate and validate in real conditions. In what is a virtual role play game, security service and civil defence officials can test their effectiveness under different crisis scenarios defined by one or more game masters. Using networked computers, each player visualises the situation from his or her own standpoint. Then the game masters alter the scenario and change external factors such as weather conditions, road traffic or people’s behaviour.

Several dozen services are already using CRIMSON. In addition, CS Systèmes d’Information offers specific applications to transform the simulator into a crisis management tool. For this, CRIMSON is equipped with specialist modules and databases that can be used to analyse a real situation, set up an action plan and update strategies to take into account the evolving scenario.


Media observatory

“Media monitoring is important for spotting the warning signs of a crisis and taking action to manage it,” explains Erik van der Goot, coordinator of Europe Media Monitor (EMM), a sort of media observatory developed by the European Commission’s Joint Research Centre (JRC). By analysing more than 50 000 web-based press articles per day in 35 different languages, the EMM NewsExplorer uses JRC technology to generate automatic daily news summaries, allowing users to see the major news stories (news clusters) in various languages for a specific day and to compare how the same events have been reported in the different national media, as well as a list of most frequently mentioned names. They can also find automatically derived information, such as related persons and organisations.

EMM provides a number of analytical and statistical tools for understanding not only current affairs but also the amount of media attention they attract. “For decision-makers, media monitoring is part of the information process in a crisis situation,” explains Erik van der Goot. EMM allows them to consider the media’s portrayal of a crisis, as well as to adjust their actions and communication efforts to prevent panic or, on the contrary, to urge citizens to protect themselves. A public version of EMM is now on line and the EMM team is developing graphic modules to make it easier to understand the media scene.


Find out more