Outline

The summerschool started on Sunday with a welcome reception between 19:00 and 20:30. On Tuesday evening there was a social event in downtown Nijmegen. The summerschool ended Friday after lunch. The ISP 2017 schedule comprised of:

• 9 lectures
• work on case studies
• a rump session
• social events

Programme

Lectures have a coffee/tea break halfway and end with a 15’ Q&A. All lectures, presentations and the rump session take place in the main conference room. The rump session allows students to present their (unfinished) research in an informal setting, using a brief, engaging, presentation. To work on the case studies, please find yourself a comfortable spot somewhere.

Breakfast and lunch are available in the hotel restaurant, and are self-service. Dinner is served in the hotel restaurant as well.

Abstracts

Hadi Asghari:
The Economics of Smart-X

Companies and governments are excited about the brave new world of smart-everything. The vast data that IoT devices generate promise to help us tackle challenges in areas as diverse as health-care, energy, or education. And while there is some agreement on privacy and ethical risks, it is not in any single company’s interest to minimize data collection. Consequently, despite years of research into privacy-enhancing technologies, they are often ignored. The fact that the E.U. has strict data protection rules seems to also have little effect: platform economics and network effects have nudged users and made ‘surveillance capitalism’ the new business model.

In this lecture, we investigate these economic forces, and discuss possible collective solutions.

Bibi van den Berg:
Look Before You Leap: On Using Air Gaps for IoT in the Home Environment

The market for Internet of Things (IoT) technologies, such as networked coffeemakers, refrigerators, bicycles etc., for the home environment is growing every year. Both privacy and security specialists have warned that the deployment of IoT technologies in the home can lead to serious risks. In this lecture, we will catalogue some of these risks. More importantly, we will delve into the ‘why’ of the rise of IoT. There appears to be a large-scale, silent, implicit societal trend – almost with the force of a tidal wave – in the Western world that dictates that any device that can be connected to the internet, should be connected to it. IoT flows almost naturally (and unstoppably) from this trend.

In this lecture, we will dissect this trend, and shed light on some of the motivations that e.g. industries have in equipping literally any and all devices in the home with sensors and actuation. Borrowing a term from the field of cybersecurity, we will then discuss one unconventional, yet obvious solution space to remedy many of the privacy and security risks surrounding IoT devices for the home: air gapping them. A critical societal debate on the automatism of networking devices is needed, and it is needed today.

Claudia Diaz:
Privacy Enhancing Technologies for Smart-X

Eleni Kosta:
Processing Personal Data in Smart Era: Challenges of the Recently Adopted General Data Protection Regulation

Smart meters, smart toys, smart cards, smart cars, smart homes, smart…you name it. The era of smart environments, processes and applications is already part of everyday life, bringing with it both promise and peril. Information about the individuals is collected, processed and transferred in unprecedented volume and speed. The legal framework on the processing of personal data in Europe was amended in 2016 and the new General Data Protection Regulation (GDPR) will enter into force in May 2018 introducing new rights and obligations on entities involved in data processing operations, along with novel rules on data processing.

This lecture will introduce the students to the provisions that have an impact on smart-X and familiarise them with the rules that need to be respected during data processing operations.

Robin Mansell:
Complex Digital Systems: Challenges to Accountability

This session examines debates about developments in artificial intelligence, augmented control systems, and machine learning which are being introduced into commercial digital products (driverless cars) and services (digital platforms, the Internet of Things) and reasons for a bias in policy making towards ex post or reactive policy measures that aim to hold the owners and developers of complex digital systems accountable for the consequences of their business strategies.

The session considers whether policy making focusing on the digital economy is likely to adopt a more precautionary (ex ante) approach, the contributions of instrumental and critical strands in the academic literature to this debate, and the likelihood that effective policy measures will be implemented to foster social and economic equality and increase opportunities to hold complex digital system operators to account.

Andrea Matwyshyn:
The Internet of Bodies

The Internet of Things has begun to expand into an “Internet of Bodies” or “IoB.” In ways that are uncomfortably reminiscent of dystopian movies such as The Matrix, some human bodies are now reliant upon computer code and the internet for their functionality, privacy, and integrity. These “IoB” technologies – technologies that blend flesh and code -- present novel medical and body enhancement opportunities. However, a portion of these IoB technologies will inevitably malfunction, harming the attached human bodies. The litigation arising from IoB harms will force courts to revisit the uneasy balance between bodily integrity/consumer protection interests on the one hand and intellectual property/data collection interests on the other.

Although IoB legal questions may seem the stuff of science fiction and many years away, surprisingly they are not. The United States Federal Drug Administration has already approved the first digital pills and the first IoB pancreas, and other early IoB technologies are already in widespread use. Malfunctioning IoB pacemakers, cochlear implants, and deep brain stimulation chips have resulted in the first generation of IoB controversies in both the EU and U.S. Regulators have also started to recognize the legal challenge. For example, the U.S. Copyright Office highlighted the importance of IoB computer code integrity in its 2015 grant of a security research exemption to Section 1201 of the Digital Millennium Copyright Act. But, IoB technologies implicate more than just traditional copyright law paradigms. They also challenge traditional constructions of patent and contract rights, and they highlight uncomfortable regulatory gaps across federal agencies.

In brief, the arrival of the Internet of Bodies will force a legal reconsideration of the balance between creators’ intellectual property/contract rights and users’ dignitary interests in bodily integrity and privacy/security. Relying on the work legal and technological theories of human enhancement, this talk offers a legal framework for reconciling competing IoB interests in law. Ethically, however, the Internet of Bodies presents a harder set of challenges. IoB raises fundamental questions about construction of meaningful consent, social stratification caused by innovation, and what it means to be “human” in an age of technology-mediated bodies and artificial intelligence.

Charles Raab:
CANDID: Checking Assumptions and Promoting Responsibility in Smart Development Projects

This talk discusses the work of CANDID, an interdisciplinary Horizon 2020 project that focuses upon ‘smart’ phenomena and their implications for a range of processes and values, including privacy and data protection. The science-and-society, legal and ethical, and human-machine dimensions of ‘smart’ and the Internet of Things are foregrounded in CANDID’s programme. Based on a Responsible Research and Innovation approach, CANDID integrates three modules (User and Design Configurations; Risks, Rights and Engineering; Sensing Infrastuctures) and includes a discourse analysis of documentary materials and consultation responses.

CANDID’s aim is to explore critically the implications of the burgeoning innovation of ‘smart’ applications (with particular reference to smart grids, smart metering, smart health, and smart cities and governance) for human and societal benefit and for the protection of human rights, especially the rights to privacy and data protection that are strongly affected by the collection and further intensive analysis and processing of personal data.

The talk will give an overview of CANDID, its issues and its methods, including the peer-review and consultation exercise to be conducted with professionals and other experts who are involved in ‘smart’ developments. It will focus particularly on questions of privacy and human rights that are generated by these developments.

Thorsten Strufe:
Privacy in Social-X

Humanity has developed some cultural practices for thousands of years that are currently experiencing profound change through digitization. This has led to a surge in data trails that individuals leave behind, which comprise of content and meta-data, for easy access by legitimate and illegitimate parties.

We will try to discuss the ramifications and the meaning of privacy in this context, and we will try to find potential ways out of this situation. We will consider the path of unobservable service provision and utilization, especially for social apps. More specifically, we'll have a look at darknets, their current deficiencies, and ways to enhance them.

Linnet Taylor:
Living with Visibility: Rethinking Privacy for a World of Sensors

The Internet of Things is evolving along two dimensions: first, the development of new capabilities through systems that network objects with each other, with us and (often accidentally) with the world at large. Second, it is also a source of data that enables the tracking and monitoring of people’s activities and behaviour on a global level. As surveillance increasingly becomes distributed - becoming many-to-many; public/private in its governance, and diverse in objectives and uses, various questions arise. What does it mean to live in a world made of sensors, are the privacy challenges the same everywhere, and how may it change what we expect from privacy provisions?

This lecture will address the political economy of the data produced by the IoT, the power asymmetries it may produce or amplify, and discuss what principles and leverage might be appropriate to create a more privacy-friendly IoT.