Big Data and security policies: Towards a framework for regulating the phases of analytics and use of Big Data

https://doi.org/10.1016/j.clsr.2017.03.002Get rights and content

Abstract

Big Data analytics in national security, law enforcement and the fight against fraud have the potential to reap great benefits for states, citizens and society but require extra safeguards to protect citizens' fundamental rights. This involves a crucial shift in emphasis from regulating Big Data collection to regulating the phases of analysis and use. In order to benefit from the use of Big Data analytics in the field of security, a framework has to be developed that adds new layers of protection for fundamental rights and safeguards against erroneous and malicious use. Additional regulation is needed at the levels of analysis and use, and the oversight regime is in need of strengthening. At the level of analysis – the algorithmic heart of Big Data processes – a duty of care should be introduced that is part of an internal audit and external review procedure. Big Data projects should also be subject to a sunset clause. At the level of use, profiles and (semi-) automated decision-making should be regulated more tightly. Moreover, the responsibility of the data processing party for accuracy of analysis – and decisions taken on its basis – should be anchored in legislation. The general and security-specific oversight functions should be strengthened in terms of technological expertise, access and resources. The possibilities for judicial review should be expanded to stimulate the development of case law.

Section snippets

The promise and perils of Big Data in security policies

Big Data is a catchword that promises radical change. Expectations are high when it comes to increasing sales, targeted advertising, optimising processes and generating unforeseen, unexpected and unprecedented insights. According to some, Big Data will revolutionise the way we live, work and think.1 Governments are keen to make sure that the benefits of these new technologies will be integrated into public policies as well. In the

A working definition of Big Data

Big Data is still very much a moving target. Technological developments and new applications continue to feed into the debate about what defines Big Data and sets it apart from earlier forms of data analysis. There is no real consensus regarding its key characteristics, although most definitions of Big Data refer to the ubiquitous three Vs.2 The first of these three stands for Volume (the use of large amounts of data), the second V is for Variety (the use of diverse data sources

Big Data, security, freedom: the need for distance

The use of Big Data analytics in security policies influences both freedom and security at the individual and societal level and, therefore, touches upon the very foundations of the constitutional state. Both freedom and security are rooted in fundamental rights.

Freedom presupposes distance – a certain amount of social space between the individual and others, including supervising bodies. In the history of the modern state, distance in relation to institutions that want to observe and direct

Big Data and security practice

It is not so easy to analyse how and to what extent Big Data applications already manifest themselves in the field of security. This is due to the secrecy that often shrouds security policy operations as well as the experimental nature of some applications and the understandable – though regrettable – reluctance to debate those in public. There is a well-founded fear among security agencies of being framed in a big brother context. There is some insight into the use of Big Data analytics in the

Looking into the future: trends in Big Data and security

Even though the often-proclaimed Big Data revolution20 is taking time to arrive, some major trends point in the direction of a Big Data future.

  • 1.

    Although the growth of available data over the last two centuries has been substantial, this is nothing compared with the current explosion in data size and variety.21 Such data are increasingly the product of three processes: data collection may be ‘directed’

Benefits of Big Data

There are many benefits (potential and realised) of applying Big Data analytics in the security domain. Governments have traditionally gathered and owned a great deal of personal data, which can now be used for Big Data analyses. On top of this, government agencies working in the security domain are authorised to request data from third parties, provided that this falls within their remit. They have many opportunities, therefore, to work with Big Data, and for good reason, because Big Data can

Limitations of Big Data

Despite some claims to the contrary, Big Data is not a miracle cure. Big Data solutions are not equally applicable or appropriate to all security problems and, like all instruments, they have not only strengths but also inherent shortcomings.

The right data is not always available – even in a digital world. Sometimes the data are simply not there, sometimes there are problems with retention periods and sometimes different data platforms prove not to be interoperable. The quality of data is not a

Risks of Big Data

The application of Big Data in the security domain also comes with a number of risks that, if not properly addressed, can outweigh the benefits and may erode public support for Big Data solutions. Some of these risks may result from not addressing some of the limitations outlined above, and others are the result of policy choices and overreach of Big Data methods.

Big Data analyses may reinforce social stratification by reproducing and reinforcing the bias that is present in every dataset: data

A mixed legal framework for Big Data and security

Big Data is here to stay. Eventually its development will take off, also in the field of security. It is essential, therefore, to manage the use of Big Data effectively. Big Data analyses have the potential to make a valuable contribution to the security and freedom of society, but for this to happen, they must be made on a solid legal basis, covering the risks presented by Big Data and including measures for dealing with them or compensating for them.

Regulation: from data collection to data analysis and use

There are some inherent tensions between Big Data and current data protection law. In its ideal form, Big Data is based on the principle of unfocused data collection, as well as on linking and reusing data collected for other purposes and by other parties. Secondary use of data and the idea that more data leads to more accurate – as well as unexpected – insights are core ingredients of the promise of Big Data. The current European and national rules and regulations, however, are mainly

Regulating analysis: looking into the black box

In Big Data processes, the important choices are made in the phase of the analysis: selecting the algorithms, data sources and categorisation, assigning weight to various data, etc. It is in this phase of Big Data processes – the algorithmic heart – that the various risks that we outlined earlier materialise.

Regulating use: big consequences require big responsibility

Big Data analysis should result in actionable knowledge.71 At some time, some person or persons will be confronted with the results of an analysis in the real world: the tax authorities may investigate, or the police may knock on someone's door. The real life consequences – which may be especially felt when it is about security considerations – merit a very thorough scrutiny of how Big Data analyses contribute to decision-making processes and their practical use.

Who watches the watchers: reinforcing oversight and strengthening transparency and judicial review

The use of Big Data in the security domain requires intensified oversight. An effective and confidence-inspiring oversight regime, in its turn, requires a higher degree of data processing transparency. In this, transparency is not an aim in itself but serves the interests of accountability. Citizens and organisations must also have opportunities to discuss the accuracy and proportionality of decisions based on data analyses and made by government institutions and, if necessary, to have them

Serving security, protecting freedom

Big Data has a lot to offer for surveillance, investigation and prevention in the field of security. However, Big Data processes can also have a significant impact on citizens, even if they are innocent and not suspected of anything. The application of Big Data, therefore, must be accompanied by additional measures to protect fundamental rights. Only under this condition can Big Data make a substantial contribution to the security and the freedom of citizens within and outside the Netherlands.

Acknowledgement

This article is based on a Dutch report entitled Big Data in een vrije en veilige samenleving (Big Data in a free and secure society). The report was presented to the Dutch government by the Netherlands Scientific Council for Government Policy (Wetenschappelijke Raad voor het Regeringsbeleid, WRR), an independent scientific advisory body. The original report was written by a project team chaired by Ernst Hirsch Ballin (member of the council) and further consisting of Dennis Broeders, Erik

References (0)

Cited by (61)

  • Legal and technical questions of file system reverse engineering

    2022, Computer Law and Security Review
    Citation Excerpt :

    The introduction of automated, complex tools in investigations will sharpen the identified challenges with security, privacy, intellectual property, or methodology validation and disclosure. The lack of a regulatory framework to ensure accountability and reliability in big data analytics for investigations is already outlined as an emerging challenge for law enforcement [9]. Further, in mobile forensics most investigators rely on the digital forensic tools provided by commercial vendors.

  • Digital evidence: Unaddressed threats to fairness and the presumption of innocence

    2021, Computer Law and Security Review
    Citation Excerpt :

    Currently there is an over-emphasis both by scholars and legislators on access and collection of data through technology, while the debate is not legislatively complemented with reliability standard for testing of such data and its further analysis as evidence related to a concrete suspect or crime. Further steps in data processing after collection, specifically the legal compliance of pre-processing, examination and analysis of data (Broeders et al., 2017) from different sources in a law-enforcement context is not addressed in any legislative initiative. It is also unclear how information inferred from data (analytics) can be protected and used during the investigation.

  • Big Data, Emerging Technologies and Intelligence: National Security Disrupted

    2024, Big Data, Emerging Technologies and Intelligence: National Security Disrupted
  • Research on big data audit based on financial shared service model

    2024, Applied Mathematics and Nonlinear Sciences
View all citing articles on Scopus
View full text