At The Intersection Of Ethics, Law & Technology In Trinidad & Tobago
On 12th July 2015, the students of the Master of Information Systems & Technology Management (MISTM) programme at the Arthur Lok Jack Graduate School of Business were exposed to the growing global ethical debate of security vs. privacy within the context of existing local laws with an information Security dimension (as well as impending proposed legislation). As part of my Information System Security, Ethics and Law (ISSEL) course, within the class dedicated to examine ethical and legal issues as pertains to Information Security, I invited two guest presenters, both lawyers, to share their expertise with the students:
- Cláudio Lucena, Professor of Law, Paraíba State University, Brazil
- Jason Nathu, Tutor, Legal Aid Clinic, Hugh Wooding Law School
Security vs. Privacy
Mr. Lucena noted that increased awareness for privacy in the virtual world as a relatively new phenomenon due to the digital revolution and increased technological capabilities for mass collection of data, while stating; “The Right To Privacy” in the physical world dates back to 1890. He suggested that the strength of the response towards 2012 Snowden revelations of global surveillance was mainly due to the fact that it revealed infractions against foreign leaders and persons involved in international relations, rather than only surveillance normal citizens. The awareness generated from these revelations was cited as contributing towards a March 2015 decision by the UN Human Rights Council to adopt a resolution to appoint a special rapporteur on the right to privacy. As a Brazilian citizen he related how specific revelations of surveillance in Brazil led to a heightened pace towards the passage of Marco Civil Da Internet as an online protection of civil liberties, and data protection laws to ensure adequate data handling.
ISSEL student posing a question to Mr. Lucena
After laying this foundation, we got into other issue such as:
- The ideological difference between the EU and US approaches towards data privacy where the EU approach tends towards protecting individuals’ rights to maintaining ownership of data.
- How the right to “Right To Be Forgotten” seeks to protect individuals from search results about themselves which can be deemed as inaccurate, inadequate, irrelevant or excessive.
Interestingly, I met Mr. Lucena at the 2015 South School Internet Governance in Costa Rica, where we were fortunate to have seen a presentation by Mr. Pedro Less Andrade, Latin American Policy Counsel of Google, who presented (en español) some of the challenges of the right to be forgotten ruling.
Local Legal Context
Quite suiting a core theme of the day, Mr. Nathu grounded his delivery entitled “Information Security: The Local Legal Context” by defining the right to privacy and then segued into discussion on the Data Protection, Computer Misuse and Electronic Transactions Acts.
Mr. Nathu defining the right to privacy
Previously, Mr. Lucena, in commenting on Brazil’s weak cybercrime laws, suggested that there was a perception of cybercriminals as being less of a criminal. This was echoed by Mr. Nathu, who also stated there was a low prosecution rate for e-crimes globally. In highlighting the difference between criminal prosecution and civil proceeding he questioned why certain organisations, e.g. banks, would expose themselves as victims of cybercrime, and thereby suffer reputational loss, in criminal proceedings, which would result in no monetary compensation.
A few of the additional salient points on the aforementioned laws brought out by Mr. Nathu included:
- Lack of proper consultations and serious objections from professional bodies such as the Media and Law Associations on certain aspects of the Data Protection Act, which remains partially proclaimed.
- The Computer Misue act has over specification in some areas, e.g. definition of a computer, yet it “Broadly and vaguely protects against hacking, data misuse…”.
- The Electronic Transactions Act remains partially proclaimed and it “does not REQUIRE a public body to accept or issue any document in electronic form”.
- The pace of enacting and subsequent legislative reform is slow.
In responding to a question on why such deficiencies within our laws exist, Mr. Nathu offered that communication and consultation was an issue. He urged the students to become more involved on matters with a technology and legal intersection. On a conciliatory note, he admitted we were a young society with respect to this type of legislation and added that it is good that we have some laws in place, as a framework to build upon, even if it is not quite as robust to respond to the surrounding global context.
Collaboration is stated as one of the five key areas of focus within Trinidad and Tobago’s national Cyber Security Strategy and it was certainly good to get collaboration from guest lectures of the caliber of Mr. Lucen and Mr. Nathu to share their expertise with a classroom of primarily technology based master level students. Additionally both presenters mentioned the need for higher levels of activism and involvement. In the U.S. there is an organization known as the Electronic Frontier Foundation (EFF) which seeks to defend civil liberties in the digital world:
Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows.
Would you say we have a sufficient intersection between the technology and legal professions in Trinidad and Tobago towards the protection of rights in the digital age?