 today. Two people from Privacy International. One is Eva Blum-Dumonté. She's a research officer working on data exploitation, especially in the global south. And Millie Wood, who's a lawyer and is fighting against spy agencies and before that she fought seven years against police cases and they're going to be talking about policing in the age of data exploitation, giving a warm welcome. As was just said I've been at Privacy International for two years working as a lawyer. Before that I spent seven years bringing cases against the police and what increasingly concerns me based on these experiences is a lack of understanding of what tactics are being used by the police today and what legal basis they're doing this on. The lack of transparency undermines the ability of activists, lawyers and technologists to challenge the police tactics and whilst I'm sure a lot of you have a broad awareness of the technology that the police can use, I don't think this is enough and we need to know what specific police forces are using against individuals. The reason why is that when you're arrested you need to know what disclosure to ask for in order to prove your innocence. Your lawyers need to know what expert evidence to ask for in order to defend their client and increasingly as there are invisible ways or seemingly visible for the police to monitor a scale we need to know that there are effective legal safeguards. Now those who are affected are not just the guilty or those who understand technology. They include pensioners such as John Cat, a 90-year-old man who's a peace protester and he's a law-abiding citizen, no criminal record and yet he is on the UK domestic extremism database and listed here are some of the entries. He took his sketchpad and made drawings, he's clean shaven and he was holding a board with orange people on it. So this is the kind of people that they are surveilling. John's case exposes unlawful actions by the police but these actions date back to 2005 to 2009. As far as I'm aware there are no cases challenging modern police tactics and privacy international in the UK and with our partners throughout the world are increasingly concerned at the pace this is developing, unobstructed because people don't know what's going on and so we've started in the UK to try and uncover some of the police tactics using freedom of information requests. These laws should be available throughout Europe and we want to make similar requests in other countries hopefully with some of you. So now I'm going to hand over to my colleague Eva who will talk a bit about privacy international, some of the tactics we know the police are using and then we'll speak about some of the things that we found out through our initial research. Thank you so I'm just going to tell you a little bit more about privacy international for those of you who don't know this organization. We are based in London and we fight against surveillance and defend the right to privacy across the world. Basically essentially what we're doing is that we do litigation we conduct research and we carry out advocacy including at the United Nations. We develop policies on issues that are defining modern rights. Now all works ranges from litigations against intelligent services to a wide range of reports on issues such as connected card, smart cities and fintech. We've recently published an investigations on the role of company like Cambridge Analytica and Harris Media and their role in the latest Canadian elections. With all network of partner organization across the world we advocate for stronger privacy protection in the law and technology and stronger safeguards against surveillance. Now we talk about data exploitation and it's actually the title of the talk. So what do we mean by that? The concept of data exploitation emerged from all concerns that the industry and governments are building a world that prioritizes the exploitation of all data. We observe three prevailing trends in data exploitation. One is the excessive data that's generated beyond our control. The second one is the fact that this data is processed in way we cannot understand or influence and the lack of transparency around it. The last one is that at the moment this data is used to disadvantage us, the ones who are producing this data and it's further empowering the already powerful. We hardly control the data anymore that's generated for our phones and our computers but now in the world we live in data just don't come just from our phones or computers. It comes from the cars we're driving, it comes from our payment systems, from the cities we live in. This is all generating data and this data is used by other entities to make assumption about us and take decisions that eventually influence our lives. Are we entitled to a loan? Do we qualify for affordable insurance? Should we be sent to jail or set free? Who should be arrested? This is at the core of the world that we're building around data exploitation. The question of power and balance between those who have the data and who get to make decisions based on this data and those who are producing the data and losing control over it. Now what does policing have to do with data? Sorry, what does data exploitation have to do with policing? The police has always been actually using data in the past. To give you one example, in 1980 a transit police officer named Jack Maple developed a project called Chart of the Future. This is how he described it. I called him the Chart of the Future. On 55 feet of wall space I mapped every train station in New York City and every train. Then I used Koreans to mark every violent crime, robbery and grand larceny that occurred. I mapped the soul versus the unsolved. Now the system was used by the transit police and it was credited with reducing felonies by 27% and robberies by a third between 1990 and 1992. So this generated a lot of interest in this project and former New York mayor asked the New York police department to essentially take up Chart of the Future and develop their own project. It became Comstats. Comstats was again essentially about mapping crime to try and make assumption about where crime words are happening. So this kind of shows this narrative, the building of this narrative around this idea that the more data you have, the more data you generate, the better you will be at reducing crime. Now it becomes interesting in the world we live in that we describe where we are constantly generating data often without the consent or even the knowledge of those who are producing this data. So there are new questions to be asked. What data is the police entitled to access? What can they do with it? Are we all becoming suspect by defaults? One of the key elements of the intersection between data exploitation and policing is the question of smart cities. It's worth bearing in mind that data driven policing is often referred to as smart policing. So obviously the word smart has been used generally in a generic manner by various industry to kind of describe this trend of using mass data collection in order to provide new services. But there is actually a real engineering connection between smart cities and data driven policing. The first reason for that is that actually one of the main reasons for cities to invest in smart city infrastructure is actually the question of security. This is something we've explored in our latest report on smart cities and this is emerging also from the work we're doing with other organisations including Coding Rights in Brazil and DRF in Pakistan. So actually Brazil is an interesting example because before the MIGA events they started organising like the football work up and the Olympics, they invested massively in smart city infrastructure including projects with IBM. And precisely the purpose of what they were trying to achieve with their smart city infrastructure was making the city safer. So it was extremely, strongly connected with the police. So this is a picture, for example, of the control room that was built to control CCTV cameras and to create graphs in order to showcase where crime was happening and also where the likeness of natural disasters in some areas. In Pakistan there's a whole new programme on investment of smart cities which is actually referred to as the safe city project. Now companies understand that very well and this is actually an image from an IBM presentation describing their vision of smart cities. And as you see, policing is very much integrated into their vision, their heavily centralised vision of what smart cities are. So that's no wonder that companies that offer smart city infrastructure are actually now also offering a platform for policing. So those companies include IBM as I mentioned but also Oracle and Microsoft. We see in many countries, including the UK, where we based some pressure on budget and budget reduction for the police. And so there is a very strong appeal with this narrative that you can purchase, you can purchase platform, you can gather more data that will help you do policing in last time and do it more efficiently. But little food is given to the impact on society or right to privacy and what happens if someone unexpected takes the reins of power. Now we're going to briefly explain what data-driven policing looks like and eventually Millie will look at our findings. So the first thing I wanted to discuss is actually predictive policing because that's often something we think of and talked about when we think about data-driven policing. I mentioned Kamstar before and essentially predictive policing works on a similar premise. The idea is that if you map where crime happens, you can eventually guess where crimes where the next crime will happen. So the key player in predictive policing is this company called PredPol. I mean I think they describe pretty much what they do. They use artificial intelligence to help you prevent crime by predicting where and where, when and where crime will most likely occur. Now PredPol and other companies using something called the hoax process that's used normally for the prediction of earthquake tremors. So what hoax originally did is that he was analyzing how after an earthquake you have aftershakes and usually the aftershakes tend to happen where the original earthquake happened and in a short period of time after that. So the hoax process basically is described as when a certain event happens, other events of the same kind will happen shortly after in the same location. Now obviously it actually works quite well for earthquakes. Whether it works for crime is a lot more questionable but that's actually the premise on which companies that are offering predictive policing services are relying. So basically applied to predictive policing, the mantra is monitoring data on places where crime is happening. You can identify geographic hotspots where crime will most likely happen again. Now other companies than PredPol are joining in and they are adding more data than just simply location of past crimes. So this data has included open source intelligence and we'll talk a little bit more about this later on. Weather reports, census data, the location of key landmarks like bar, churches, schools, data of sporting events and moon faces. I'm not quite sure what they're doing with moon faces but somehow that's something they're using. When predictive policing first emerged, one of the key concerns was whether or what was going to be turning into a minority reports scenario where people are arrested before crime is even committed. And companies like PredPol were quick to reassure people and say that they're not concerned about who will commit crime but where crime is happening. Now that's not actually true because in fact at the moment we see several programs emerging, especially in the U.S., where police departments are concerned not so much with where crime is happening but who's committing it. So I'm going to talk about two examples of this. One is the Kansas City No Violence Alliance, which is a program laid by the local police to identify who will become the next criminal basically. And they're using an algorithm that combines data from traditional policing as well as social media intelligence and information that they have on drug use. Based on this, they create graphics that generated using predictive policing to show how certain people are connected to already convicted criminals and gang members. Once they've identified those people, they request meeting with them, whether they've committed crimes or not in the past. And would they have a discussion about their connection to those convicted criminal and gang members? And what they tell them is that they all warn that if a crime net happened within the network of people, every person connected to this network will be arrested whether or not they were actually involved in the crime being committed. Now, there are actually dozens of police departments that are using similar programs. In the Chicago Police Department has an index of the 400 people most likely to be involved in violent crimes. That sounds like a BuzzFeed article, but actually, there is a reality which is extremely concerning because those people who are in this list, or for the most part not actual criminals, they are purely seen to be connected to people who've committed crime. So if your next neighbor is a criminal, then you may well find your name on that list. Now, predictive policing is deceptive and problematic for several reasons. First of all, there's a question of the presumption of innocence. In a world where even before you commit a crime, you can find your name on that list or be called by the police. What happens to this very basis of democracy, which is the presumption of innocence. But also, there's the other question of like, can we really use the math that was originally designed for earthquake and apply it to human beings? Because human beings don't work like earthquakes, they have their own set of biases. And the biases starts with how we collect the data. For example, if the police is more likely to police areas where there is minorities, people of color, then obviously the data they will have will be disproportionately higher on persons of color. Likewise, if they're unlikely to investigate white-collar crime, they will be unlikely to have data that are reflecting a reality where crime also happens in wealthier areas. So basically, we are inputting bias data sets that obviously will lead to bias results. And what does bias result mean is that it will continue the already existing trend of other policing communities of color and low-income communities. I'll leave it to you, Millie, for the next part. So, one of the increasing technologies we're seeing in the UK and is no doubt used around the world, I'm probably at border points, although we need more help than we've searched through this, is mobile phone extraction. The police can extract data from your phone, your laptop and other devices, which results in a memory dump of the extracted data taken from your device and now held in an agency database. So, for example, all your photos, all your messages, and all those of people who had no idea they would end up in a police database because they're associated with you, retained for as long as the police wish. Now, these devices are pretty user-friendly for the police. And if you're interested, you can look on YouTube where Celebrite, one of the big players, has lots of videos about how you can use them. And so depending on the device and the operating system, some of the data, this is from a police document, but it lists what they can extract using a Celebrite UFED, is what you might expect, device information, calls, messages, emails, social media, and Wi-Fi networks. But if you look at their websites, and here are a few examples, they can also collect system and deleted data. They can access cloud storage and inaccessible partitions of the device. Now, this is data that is clearly beyond the average user's control. And as the volume of data we hold on our phones increases, so will this list. And the companies we know the UK police are using, which includes Celebrite, Excesso, Radio Tactics, MSAB, all aware of how valuable this is. And as one of them has stated, if you've got access to a person's SIM card, you've got access to the whole of a person's life. They also go on to note the sheer amount of data stored on mobile phones is significantly greater today than ever before. There are also no temporal limits to the extraction of data. This is from another peace document we obtained. And it shows that if you choose to extract a certain data type, you will obtain all data of a particular type, not just the data relevant to an investigation. So all that data on a police database indefinitely. And even if you were asked whether you were happy for mobile for your data to be extracted during investigation, I think it's highly unlikely you would realise the volume that the police were going to take. Other targets for the police that we know about are infotainment systems in cars, smart TVs and connected devices in the home. This is an extract from a Tech UK report where Mark Stokes, head of digital forensic at the Met Police, which is the police in London, stated in January that the crime scene of tomorrow will be the internet of things. And detectors of the future will carry a digital forensics toolkit that will help them analyse microchips and download data at the scene, rather than removing devices for testing. Now, I can imagine that the evidence storage room is going to get a bit full if they start dragging in connected fridges, hair dryers, hair brushes, your Google Home, Amazon Echo and whatever else you have. However, their plans to walk into your home and download everything make no mention of needing a specific warrant. And so the only limitations at the moment are the protections that may exist on the devices. The law does not protect us and this needs to change. So I'm going to be talking a little bit about open source intelligence and in particular social media intelligence. Because when I talked about predictive policing, I identified those two sources as some of the data that's being used for predictive policing. Now, open source intelligence is often thought of as or often assumed to be innocuous. And there is the understanding that if information is publicly available, then it should be fair for the police to use. Now, the problem is that among open source intelligence, there is often social media intelligence that we refer to as documents. Now, there are many ways to conduct a document and it can range from like the single police officer who is just using Facebook or Twitter to look up the accounts of victims or suspected criminals. But there are also companies that are scrapping the likes of Facebook and Twitter to allow the police to monitor social media. Now, social media has like blurred the lines between public and private because obviously we are broadcasting our views and on this platform. And at the moment, the police has been exploiting this kind of unique space, this blurred line. They are accessing this content in a completely unregulated manner. As long as the content is publicly available, like for example, you don't need you don't need to be friend or to or to have any already established connection with the suspected criminal or the police or the victim. Anything that's available to you is completely unregulated. There are no rules. And I mentioned earlier the question of budget restriction. And so the police has is benefiting hugely from this because it doesn't it doesn't really cost anything to use social media. So at the moment, Sarkmin is kind of like the first and easy step in in a police investigation because there is no cost and because there is no other side. Now, Sarkmin actually isn't so innocent in the sense that it allows the police to identify the locations of people based on their post. It allows them to establish people's connection, their relationships, their association. It allows the monitoring of protests and also to identify the leaders of various movements and to measure as a person's influence. Now, in the UK, what we know is that the police is largely using is largely using marketing products. So this is an anonymous quote from a report by academics that have been doing research on Sarkmin. And what someone said was that a lot of stuff came out of marketing because marketing were using social media to understand what people were saying about their product. We wanted to understand what people were saying. So it's almost using it in reverse. Now, again, this is this is not considered like surveillance device. This is purely a marketing project that they're using. And for the reason, law enforcement agencies and security agencies often argue that Sarkmin has basically no impact on privacy. But actually, when your post reveals your location or when the content of your post reveals what used to be considered and is still considered actually as sensitive private information, like details about your sexual life, about your health, about your politics, can we really minimize the impact of the police accessing this information? Now, obviously, we may not have a problem with the average Twitter user or with your friend reading this information. But when the ones who are reading the information and taking actions on this information have power over us, like the police does, you know, what does it actually mean for all rights to privacy? Sorry. And that's not to say that that's not sorry that's not to say that people should stop using social media, but rather what is, but rather what kind of regulation can we put in place so that it's not so easy for the police to access. The absence of regulations on Sarkmin has actually already led to abuse in two cases, both in the US that we've identified. One is the race of us is the city of New York, which is a case from the ACLU, where we knew that we found out that the city of New York, sorry, the New York police department, was systematically gathering intelligence on Muslim communities. And one of the ways they were gathering this intelligence was essentially by surveilling social media accounts of Muslims in New York. The second case is a company called Zero Fox. So what Zero Fox does is social media monitoring. Now during the riots that followed the funeral of Freddie Gray, Freddie Gray was a 25-year-old black man who had been shot by the police. So after his funeral there had been a series of riots in the UK and Zero Fox produced a report that they shared with the Baltimore police to essentially advertise for their social media monitoring tool. And what the company was doing was again like browsing social media and trying to establish who were the threat actors in these riots. And among the 19 threat actors that they identified, two of them were actually leaders of the Black Lives Matters movement. Actually at least one of them was a woman, definitely not a physical threat, but this is how they were essentially labelled. So these two examples actually shows that again it's still the sort of same targets. It's people of colours, it's activists, it's people from poor income backgrounds. There's a single doubt as likely criminals. And it's very telling when we realise that document is actually one of the source of data that's eventually used for predictive policing and then again predictive policing leading to people being more surveilled and potentially exposed to more police surveillance based on the fact that they are singled out as likely criminals. Now social media is a fascinating place because it's a mix between a private and a public space. As I said we are broadcasting our views publicly but then again it's a privately owned space where we follow the rules that are set up by private companies. Now if we want to protect this space and ensure that like free expression and political organisation can still happen on the spaces we need to fully understand how much the police have been exploiting the spaces and how we can limit and regulate their use of it. Now I'll talk to Amelia about what we can do next. So I'm going to briefly look at some of our initial findings we've made using freedom of information requests. Broadly the lack of awareness by the public, weak legal basis and a lack of oversight. Now sometimes the lack of awareness appears intentional. We ask the police about their plans to extract data from connected devices in the home and they replied neither confirm nor deny. Now this is kind of a bizarre response given that Mark Stokes who's a member of the police had already said that they planned to do this. In addition the UK government home office replied to us saying the home office plans to develop skills and capacity to exploit the Internet of Things as part of criminal investigations. They also said that police officers will receive training in relation to extracting, obtaining, retrieving data from or generated by connected devices. So we wrote back to every police force in the UK who had refused to reply to us and presented the evidence but they maintained their stance. So we will be bringing a challenge against them under the Freedom of Information Act. Now Eva has also identified the huge risks associated with predictive policing. Yet in the UK we've found out this is set to increase with forces either using commercial tools or in-house ones they've developed or planning trials for 2018. There has been no public consultation, there are no safeguards and there is no oversight. So when we ask them more questions about their plans we were told we were vexatious and they won't respond to more requests so it seems like we have yet another challenge. And what about mobile phone extraction tools? Here are some of the stats that have been found out. And I would say these aren't completely accurate because it depends on how reliable the police force are in responding. But roughly I'd say it's probably more than 93% now of UK police forces throughout the country are extracting data from digital devices. We know they plan to increase. We've seen in their documents they plan to train more officers to buy more equipment and to see extraction as a standard part of arrest even if the devices had absolutely nothing to do with the offence. And so these figures are likely to increase exponentially. But in the UK not only did the police not need a warrant. In documents we've read they do not even need to notify the individual that they have extracted data for example from their mobile phone or that they're storing it. If this is being done without people's knowledge how on earth can people challenge it. How can they ask for their data to be removed if they're found innocent. Turning to social media monitoring which the police refer to as open source research. This is Jenny Jones. She's a member of the House of Lords in the Green Party and next to her photo is a quote from her entry on the domestic extremism database. And so if a member of the House of Lords is being subject to social media monitoring for attending a bike ride and then I think it's highly likely that a large number of people who legitimately exercise their right to protest are being subject to social media monitoring. Now this hasn't gone unnoticed completely although they're slightly old. These are quotes from two officials. The first the UK independent reviewer of terrorism who who notes that the extent of the use of social media monitoring is not publicly known and the second is the chief surveillance commissioner who is and this is a very strong statement for a commissioner is saying that basically social media should not be treated as fair game by the police. So now I'll move on to a weak or outdated legal basis. For most of the technologies we've looked at it's very unclear what legal basis the police are using even when we've asked them. This relates to mobile phone extraction. So the legislation they're relying on is over 30 years old and is wholly inappropriate for mobile phone extraction. This law was developed to deal with standard traditional searches. The search of a phone can in no way be equated to the search of a person or the search of a house. And despite the fact that we have repeatedly asked for a warrant this is not the case. And we believe that there should be a warrant in place not only in the UK but in the rest of the world. So if you think that either you or your friends have had their data extracted when they're arrested or your phone has been in the possession of the authorities you should be asking questions. And very briefly something on lack of oversight. So we reported in January this year about documents that were obtained by Bristol Cable's investigation into Celebrite. And one report said that in half of the cases sampled the police noted the police had failed to receive authorization internally for the use of extraction tools. Poor training undermined investigations into serious offenses such as murder and inadequate security practices meant there was encryption was not taking place and it even when it was easy to do. And they were losing files containing intimate personal data. So why does this matter? Here are some key points. In relation to information asymmetry it's clear as Eva has explained that the police can now access far more data on our devices than the average user. In relation to imbalance of power it's clear they can collect and analyze sources that are beyond our control whether it's publicly placed sensors, cameras and other devices. There is also unequal access and if lawyers don't know what's being gathered they don't know what to ask for from the police. All in all this puts the individual at a huge disadvantage. Another impact is the chilling effect on political expression. Now I'm sure many of you maybe think that the police monitor your social meter but the average person is unlikely to. And so if they start to know about this are they going to think twice about joining in protesting either physically or using a hashtag? And what about who your friends are? If they know you attend protests and they really want to have their data on your phone if they know that potentially that could be extracted and end up on a police database. It's far easier to be anonymous face among many people than a single isolated person standing up to power. But these new forms of policing we've been discussing redefine the very act of protesting by singling out each and every one of us from the crowd. So what can we do? Many of you will be familiar with these technologies but do you know how to find out what the police are doing? In the UK we've been using freedom of information requests. We want to do this with people throughout Europe and you don't need to be a lawyer so please get in touch. We also want to dig into the technology a bit more. I want someone to use a celibate UFED on my phone and show me exactly what can come out of it. And we want to tell lawyers and activists about these new techniques. Many lawyers I speak to who are experts in actions against the police do not know the police are using these tools. This means they don't know the right questions to ask and so it's fundamental you speak to people who are bringing these cases and tell them about what they can do or what questions they should be asking. And finally we want you to also raise the debate to share our research and to critique it. Thank you. So we've got ample of time for Q&A. Are there any questions in the hall? Yes, there's one over there. You mentioned the problem of that when they do physical extraction from the celibate device it's going to get all of the photos or all of the emails or whatever it may be rather than just what the investigator needs. What is the solution to that from your eyes? Is it a technical one? That these companies are going to have to implement which they're not going to or a legal one because on the other side a mobile phone is a crucial part in any criminal investigation in 2017. So what's the work around or the solution to that? I think it's both. I think the fact that there isn't any law looking at this and no one's discussing can there be a technical solution or does it need to be one where there's better regulation and oversight? So you extract everything can you keep it for a certain period to see what's relevant then do you have to delete it? The trouble is we don't see any deletion practices and the police have publicly stated in the media that they can just keep everything as long as they like. They like data. You can kind of see why but that doesn't mean they should keep everyone's data indefinitely just in case it's useful. So I think there may be tech solutions. There may be legal ones and I think perhaps both together is is one of the answers. The next question from microphone one please. I'm just wondering how those laws and regulation and power given to the cops are being sold to the UK people like is it because to fight terrorism they say or to fight drugs or this kind of stuff. What's the argument used by the government to solve that to the people? I think actually one thing that's important to bear in mind is that I'm not sure most of the public in the UK is even aware of it. So I think unlike the work of intelligence services in agency where terrorism is used as the excuse for ever more power and especially laws that have become increasingly invasive actually with policing we don't even fall in that kind of discourse because it's actually hardly talked about in the UK. And the mobile phone extraction stuff we've been looking at is low level crimes. So that's like you have it could be you know a pub fight it could be a robbery which that's more serious it could be an assault. So they want to use it in every case for all the other techniques we have no idea what they're using for that's one of the the problems. The next question from the internet please. When you say that there's a lack of laws and regulations from for police concerning US and document and data from devices are you talking just about UK and or USA or do you have any examples of other countries who do better or worse? I don't know of any country that has a regulation on publicly available information on social media. Microphone number four. Thank you again for a great talk in terms of data exploitation. An element that I didn't hear you talk about that I'd like to hear a little bit more is when there are questions around who is doing the exploitation. I know in the US some FOIA researchers get around how difficult it is to get data from the feds by going after local and state police departments. Is that something that you're doing or do you have a way of addressing confusion when people don't know what agency has the data? Yeah, I think actually one of the thing the data exploitation program at First International is doing is actually looking into the connection between the private sector and governments because obviously at the moment there's the whole question of data brokers which is an industry that's hardly regulated at all that people don't necessarily know about. We don't... The companies that are doing it or are unfamiliar has the whole name. Let's merely talk a little more about the government aspects of it. I guess the question is again, a country by country basis. We work in many countries that don't have any data protection regulations at all. So there is this first difficulty is how do we regulate? How do we limit the power of the state when you don't even have the basic legislation around data protection? One thing to bear in mind is the problem with companies is how do you also hold companies accountable? Whereas with the states there is the whole challenge of finding the right legal framework to limit their power but maybe I'll let Emily talk a little more about this. Yeah, with our FOIA requests we tend to go after everyone. So with the example of the Home Office saying something that the other police didn't, that was because we went to all the different state bodies. And I think that there's a good example in the states where there's far more research done on what the police are doing but they're using the same product in the UK, I think it's Axiom and they're a storage device for body-worn camera videos and a lawyer in the state said that in order to access the video containing his client he had to agree to the terms and condition on Axiom's website which basically gave them full use of his client's video about a crime scene. So that's a private company having use of this video. So given that we found they're using it in the UK we don't know if those kind of terms and conditions exist but it's a very real problem as they rely increasingly on private companies. Number two, please. Thank you for your work. Perhaps you've already answered this partially from other people's questions but it looks like we have a great way to start the process and kind of taking the power back but the state and the system certainly doesn't want to give up this much power. How do we actually directly, what's kind of the end game? What's the strategies for making the police or the governments give up and restore balance? Is it a suit? Is it challenging through Parliament in the slow process of democracy or what do you think is the right way of doing it? I never think one works on its own. Even though I'm a litigator I often think litigation is quite a weak tactic particularly if you don't have the public on side and then again if you don't have Parliament. So we need all of them and they can all come through different means so we wouldn't just focus on one or their different countries it might be better that you go down the legal route or the down the parliamentary route but in the UK we're trying all different routes so for example on mobile phone extraction in the beginning of next year we're going to be doing a video we're going to be doing interviewing the public and speaking to them about it we're going to be going to Parliament and I've also been speaking to a lot of lawyers so I'm hoping some cases will start because those individual cases brought by local lawyers are where also you see a lot of change like the John Cat case that's one lawyer so I think we need all different things to see what works and what sticks. We haven't had number three yet. Hi, thanks for the talk. So I have a question regarding concerning the solution side of things because one aspect I was missing in your talk was the economics of the game actually because like you are from the UK and the private sector has like stepped in also in another public domain, the NHS to help out because funds are missing and I would like to ask you whether or not you think first of all the logic is the same within the police departments because it might also be like a cost-driven aspect to limit the salaries or because you have a problem with police force coming in because you have to pay their rents and automated things especially when given to the private sector which has another whole logic of thinking about the stuff is cost-saving and so maybe it would be a nice thing whether if you could talk a bit about the attempt to maybe get the economics a bit more into the picture when it comes to solutions of the whole thing. So I think you are very right in pointing actually the relation to compare what's happening with the NHS and what's happening with the police because the economics of companies offering policing services arise from the same situation there's a need of doing more efficient policing because of budget cuts so the same way the NHS is being essentially privatised due to the budget cuts and due to the needs that arise from being limited in your finance again there's a similar thing with the police is when you're understaffed then you're more likely to rely on technologies to help you do your work more efficiently because essentially with predictive policing the idea behind this is that if you know where crime will happen then you can focus the limited resources you have there and not sort of look at the more global larger picture so I mean I'm not going to be here on stage advocating for more funds from the police I'm not going to do that but I think there is a desperate need to reframe actually the narrative around how we do policing actually and definitely also look at a different perspective and a different approach to policing because as I've tried to show you it's been a really long time since this narrative has developed of more data that leads to crime resolution but actually what I didn't have the time to get into in this talk is actually all the research that are showing that those products actually don't work like Predpaul is actually basically gas lighting a lot of police officers with their figures the kind of figures that are pushing and suggesting or just like planning accurate it's not accurate to compare a city on one year to what a city is becoming in another year so it's not even clear that a lot of this project are even like properly functioning and in a sense I don't want them to function I'm not going to say oh if you had better predictive policing then the problem will be solved no that's not the question the question is how do we have regulation that force the police to look differently into the way they're conducting policing then number four please so thank you for your presentation I have a question about SogMint from my opinion SogMint might violate the terms of services of for example Twitter and Facebook have you tried to cooperate with these companies to make them actually enforce their TOS? So actually so there's two things as I said like they're all companies that are doing scraping of data and you're right in this case they violate the terms of services of Facebook and Twitter now the other the problem is that there is already a loop to this and actually the marketing company I was talking about that's being used by the UK police what they essentially do is that they purchase the data from Facebook and Twitter so this is why it's interesting because when Facebook say oh we don't sell your data well essentially actually with marketing with marketing tools that are there to monitor what people say about products essentially what they're doing is selling your data they're not selling it's really like your name or your location or things like that but whatever you're gonna be posting publicly for example in like groups or public pages is something that they are gonna be trying to sell to those companies so I think you're right and maybe Millie will have more to say about this I think those companies have a role to play but at the moment I think the challenge we face is actually this loop that we're facing where by purchasing the data directly from the company they don't violate the terms of services yeah we've spoken a bit to some of the social media companies we've been told that one of their big focus is the problems of the social media monitoring at the US border and so because there's a lot known about that they're looking at those issues so I think once we show more and more the problems say in the UK or in other countries I think it would be very interesting to look at what's happened over the Catalan independence vote period to see how social media was used then I think the companies aren't gonna react until we make them although they probably will meet with us a slightly different aspect that we revealed in a different part of our work that the intelligence agencies were gathering social media that's probably not groundbreaking news but it was there in plain fact and so they all got a bit concerned about how that was happening whether some of them knew or some of them didn't so the better our research the more people speaking about it I think they will engage or we'll find out are they getting are the police getting it lawfully or unlawfully? and number one please thanks for your talk I have a question on predictive policing because German authorities in the last two years piloted pre-crops, predpoll, projects and free states I think and they claimed that they would never use these techniques with data on individuals but only kind of aggregate data like the near repeat stuff you presented and they presented it as just an additional tool in their toolbox and that if used responsibly it can lead to more cost-effective policing do you buy this argument or would you say that there's inevitably a slippery slope or kind of like a path dependency to more granular data assessment or evaluation that would inevitably infringe on privacy rights? I think and this goes back to the question of like you know are we using policing to identify where crime is happening or who is committing crime but actually I think even if we stick to this even if we stick to identifying where crime is happening we still run into problems we still run into the fundamental problem of predictive policing which is we only have data on crime that have already been reported that have already been addressed by the police and that's by essence already biased data if we have a police in some areas then we are more likely to further police because the solution of those companies of those algorithm will be leading to more to the suggestions that crime is happening more predominantly in those areas so as we've seen so far is that we fall into this fundamental problems of over policing communities that are already overpoliced so in a sense in terms of well the right to privacy but also the question of the presumption of innocence I think purely just having trying to cultivate data on where crime is happening it's not efficient policing first of all but it's also accusing challenges for fundamental rights as well Yeah I guess it's not a great comparison but a lot of what they're bringing in now is a program to assist you with the charging decision so you've got someone you've arrested do you charge them or not the police say of course it's only advisory you only have to look at how busy a police station is to know how advisory is that going to be and how much is it going to sway your opinion so the more you use these tools the more it makes your job easier because rather than thinking where are we going to go what areas things going to happen who are we going to arrest will the computer tell us to do this so let's just do that Thank you And microphone number three please Thank you Do you think that there are any credible arguments to be made for limiting the police's abilities under acts in the UK that incorporate EU level restrictions on privacy, data protection on human rights or fundamental rights and if so do you anticipate that those arguments might change after Brexit Well they're bringing in GDPR and the law enforcement directive now and they're not going to scrap those once Brexit comes in we'll still be part hopefully of the European Court of Human Rights but not the European Court of Justice I think there are going to be implications it's going to be very interesting how they play it out they're still going to want the data from Europol they want to be part of Interpol they're policing operates at a different level and I think if they have to comply with certain laws so that they can play with the big boys then they probably will but they may do things behind the scenes so it depends where it works for them but certainly the politicians and definitely the police want to be part of those groups so we'll have to see but we will still use them and we'll still rely on European judgments the force they have in a court of law may be more difficult Does the internet have any questions? Nope? Wow Then number two please So you've mentioned that they don't have really good operational security and sometimes some stuff that should not be leaked now within the last year we had major data leaks all across the world like Philippines, South Africa just to mention a few Now if the data secured Opsak is so bad in the police in Great Britain it's not unlikely that some thing will happen in Europe of a similar kind what kind of impact do you think such a huge data leak of private information which the police legally stored has even if it was not leaked by the police and it would be leaked by a private company that had some way access to it I guess it depends what it is if it's a database with serious criminals and only the bad people then people will think well it's good they have that information but they need to make it more secure if somehow databases which held all sorts of information saved from people's mobile phones innocent people's pictures all that kind of thing then we might see a much wider public reaction to the tools that are used and the safeguards the legal safeguards will become a lot quicker then probably we will achieve in the way we're trying to go now because there'll be a bigger public outrage Okay one last and hopefully short question from microphone one Hi thanks for the talk it was really interesting it's actually quite a short question how much is a celeb right and can we buy one I did look to buy one I think it's I think there was someone in eBay but I'm not sure if they were like the right things but a couple of thousand pounds but I think you have to actually be a police force to get those ones maybe there are other types but it's expensive but not unobtainable but I'm trying to find universities that might have them because I think that a lot of forensic schools I'm hoping that they will I know they do extractions of laptops but I haven't found one yet that does phones but I probably haven't asked enough people so thank you very much