Deliverable 7.2 represents a genuine attempt to crystallise the multi-disciplinary nature of the FIDIS Network of Excellence in a document assessing the many facets of profiling, with contributions coming from across a wide spectrum of disciplines.

Profiling is a powerful, critical and worrying technology because it is probably the only way that massive volumes of data about individual and group behaviour can be mined, whether for nefarious or benign purposes. Ever larger volumes of data have been the holy grail of generations of social scientists, medical researchers and technologists, and with profiling alongside new data-gathering technologies such data is available with the means to mine it for all its value. This deliverable examines how different approaches to profiling are taken, reviewing along the way some of the different technology contexts in which it can be used. Though matters of privacy and security loom behind every corner, the main focus of this deliverable is not on such issues. Subsequent deliverables will move into this. Clearly, with its multiple applications in marketing, law enforcement and surveillance, e-medicine and e-health - to name just some, there exist currently many avenues along which profiling might progress, but unless the consumers and citizens of today and tomorrow have more knowledge of the actual workings of this technology, they will not be able to make informed decisions about how to respond when they are increasingly importuned for their personal data in the future. This report hopes to make a useful contribution to the vital task of explaining how profiling may impact the life of citizens and consumers in the coming years.

[ Download ] [ Read Online ]

This document considers some of the wider aspects of privacy and security in the AmI environment as these are affected by profiling techniques and methods. It has been shown that by the very nature of the AmI space such issues are prevalent. Although it is unclear exactly how the AmI environment will develop, and indeed how it will be accepted by society as a whole, it is predicted that in some form AmI will appear in our everyday lives. However, AmI space requires a high level of profiling to be successful. Solutions for issues of privacy and security are usually located at a technological and a legal level, both implicating the social and the cultural. In this deliverable a first exploration of technological solutions and a first extensive exploration of relevant EU law is presented. As to the technological level, the report discusses two privacy-enhancing techniques to provide pseudonymous customised services. In these models, the user is in control of his own data, and has an Identity Management Device (IMD) that manages his data, profiles and preferences. The IMD presents the user preferences to ambient intelligence devices in order to obtain personalised services. The first technique is based on anonymous credentials, and it may not be appropriate to be implemented in many ambient intelligence environments, as it requires costly resources. The second technique is adapted from the field of targeted advertising. It is cheap to implement, and ambient intelligence devices with low storage capacity and computation power could easily implement it. As to the legal level, an extensive survey is made of the EU Data Protection Directive and other relevant sources of EU law, such as the Privacy and Electronic Data Communications Directive, and E-Commerce Legislation, Consumer Protection Legislation. This survey, focused on relevant implications for both group profiling and personalised profiling, and implications at the level of the collection of data, the construction of profiles and at the level of their application, should serve as a first inventory on which subsequent deliverables can build.

[ Download ]  [ Read Online ]

Profiling: Implications for Democracy and Rule of Law

The possible effects of profiling technologies should be considered from a less policy-oriented perspective than may be usual within NoE’s. This deliverable has chosen to raise some fundamental issues at the intersection of law, political theory and human identity – all related to the advance of profiling technologies. At this moment, highly sophisticated data mining techniques are becoming available to corporations and governments because of the ever cheaper and ubiquitous hardware and software that surrounds us. These technologies provide profiles with a flux of instant-categorisations that will be adjusted in real time if the Ambient Intelligent vision comes through. How will these instant-categorisations affect individual citizens and their sense of self? Will they be aware of this impact and does it matter if they are not? Should we worry about collection and processing of personal data, or only about sensitive personal data, or is this a crucial error, because profiling technologies construct intimate knowledge out of trivial data? Can abuse be prevented by counting on the human decency or ‘good practices’ of those in power, or do individual citizens need legal and/or technological tools to enforce such decency if necessary? Democracy and rule of law cannot be taken for granted; they are indeed historical artefacts that need constant maintenance and reconstruction, to deal with the dynamics of a changing world. It may even be the case that the proliferation of information will clog efficient and effective government and fair, competitive market infrastructures unless profiling technologies provide the means to select relevant information from irrelevant information, in order to build knowledge instead of just collect a meaningless abundance of data. The question will be how to reconstruct the checks and balances in the face of the new developments. The report begins with a careful exploration of democracy and rule of law. It continues by laying out possible implications of profiling and discussing tools to recreate checks and balances. After that, four critical replies are presented that deliver short, critical discussions of the issues at stake. In the conclusions the arguments are summarised and provided with a reply to critics.

[ Download ] [ Read Online ]

The second workshop of the WP 7 titled ‘AmI, RFID and Profiling’ (D7.6) was organized at the Vrije Universiteit Brussel on January 20th as preparation for deliverable 7.7. This report records the participants to the workshop and their presentations and includes the relevant issues and the proposed structure of the report on ‘AmI, RFID and Profiling’, discussed during the meeting. On top of that it summarises the decisions taken during the workshop on the contributions to and content of the report.

[ Download ]  [ Read Online ]

The target of this study is to provide a multifocal perspective on the workingsof radio frequency identification (RFID) technologies, integrating technical,social and legal perspectives. As this deliverable is part of the work package onprofiling, it regards RFID as an enabling technology for Ambient Intelligence,the ‘Internet of Things’ or the age of ‘everyware’. Ambient Intelligence (AmI)implies a real time adaptive environment in which most adaptive decisions aretaken by machines in a process of machine to machine communication. Thesedecisions are based on what is called autonomic profiling, severely restrictinghuman intervention, while being in need of a continuous and dynamic flow ofinformation. This raises many of issues that need to be anticipated and dealtwith. This deliverable will provide a descriptive analysis to prepare the way formore fundamental research into the possibilities to integrate legal andtechnological solutions and more specific research into the development of aholistic privacy framework for RFID technologies. Both are taken on in thethird work plan of the FIDIS NoE.

[ Download ] [ Read Online ]

The third workshop of Work package 7 on "A Vision on Ambient Law" (D7.8) was organized at the Vrije Universiteit Brussel on January 26th 2007 as preparation for deliverable 7.9. This report records the decisions taken during the workshop regarding the relevant issues, and takes note of the proposed structure of the report on "A Vision on Ambient Law", as agreed during the meeting. It also contains a list of participants, the program of the workshop, the slides of the presentations and the working document that was sent round for discussion.

[ Download ] [ Read Online ]

This report addresses the research question: can law as embodied in the futureAmbient Intelligence architecture - Ambient Law - safeguard the core valuesof privacy and non-discrimination, while at the same time helping to realise thepotential of Ambient Intelligence? This question is answered by analysingAmbient Intelligence and the role of Ambient Law therein from a conceptual,legal, and technical perspective.

[ Download ] [ Read Online ]

Deliverable D7.10 aims to detect literature that moves beyond juxtaposition of different disciplinary perspectives. It provides the starting point for a growing selection of literature references in identity-related areas, such as RFID, Biometrics, Profiling and Ambient Intelligence with a long perspective of being dynamic. A wiki workpad page is created on the internal portal in order to provide a discussion forum. Over time it will not exceed 100 references. As such, only the references which are perceived of highest quality and with a strong multidisciplinary point of view will be included in the selection. The creation and maintenance of the selection is based on the Reference Manager Software, which allows people to consult, search and export the literature selection.

[ Download ] [ Read Online ]

The fourth workshop of WP 7 (D7.11) was organized on 21.02.2008 at the
Vrije Universiteit Brussel to prepare deliverable D7.12 on Biometric
Behavioural Profiling (BBP) and Transparency Enhancing Tools (TETs).

[ Download ] [ Read Online ]

Behavioural Biometric Profiling allows for data controllers to pick up on a variety of behavioural patterns, ‘leaked’ by citizens in their everyday lives. These patterns can be used to re-recognise a person without having recourse to identification in the sense of a name or address. In an Ambient Intelligent environment such pattern recognition would allow for massive group profiling, inferring a great many profiles that entail knowledge about health risks, earning capacity, life-style preferences, criminal intentions.
This deliverable builds on previous joint research into profiling, detecting the pitfalls of invisible data collection and processing. It elaborates on the concepts of Ambient Law and Transparency Enhancing Tools, investigating to what extent an integrated set of legal transparency rights and technological transparency tools could ensure the right balance between the production of new knowledge generated by BBP and the possibility for citizens to anticipate the application of such knowledge to their person.

[Download]

To prepare FIDIS deliverable D7.14 on Idem and Ipse Identity in Profiling, a workshop D7.13 was held. The workshop took place in two stages. The first, a parallel session during the General FIDIS Meeting (Berlin) on 26 March 2008, discussed possible contributions for deliverable 7.14. The second part, during the FIDIS Dresden Research meeting on 25 September 2008, discussed first results and the fine-tuning of contributions. This report records details of both stages of the workshops.

[Download]

Deliverables 7.14a and 7.14b seek to detect in which way the new type of profiling that is the subject of FIDIS work package 7 – machine profiling based on data mining techniques – is different from previous ways of profiling, and how this relates to the construction of our identity. The concepts of idem and ipse, coined by the French philosopher Ricoeur, are used to look into the issue of human identity as something that emerges between a person and her environment. The question we try to answer is how sophisticated and dynamic categorisation as produced by profiling machines (data mining) may impact identity formation, in comparison with the familiar type of categorisation that is generated by human profiling (stereotyping and social labeling). In this report, D7.14a, we undertake a theoretical and conceptual exploration of the concepts of idem and ipse, in relation to human and machine profiling. The follow-up report, D7.14b, will discuss how these concepts apply in more concrete contexts.

[Download]

Deliverables 7.14a and 7.14b seek to detect in which way the new type of profiling that is the subject of FIDIS work package 7 – machine profiling based on data mining techniques – is different from previous ways of profiling, and how this relates to the construction of our identity. The concepts of idem and ipse, coined by the French philosopher Ricoeur, are used to look into the issue of human identity as something that emerges between a person and her environment.

This report, D7.14b, discusses how the concepts explored in D7.14a apply in concrete contexts of profiling. It describes four contexts, ranging from present-day to future ICT-related practices: 1) ICT-based identification in business-consumer and government- citizen relationships, with a focus on trust-enhancing tools; 2) the social web (blogs, wikis, social networking); 3) virtual worlds (gaming and persistent worlds); and 4) a cyborg interacting with his environment. Based on the profiling practices occurring in these contexts, the report tentatively suggests that a constitutional right to idem and ipse identity should be introduced, to allow citizens to construct their identity in freedom in the world of web 2.0 and its future successors.

[Download]

The kick off workshop D7.15 was organized on 24.10.2008 at the Tilburg
Institute for Law, Technology and Society (TILT), at Tilburg University, The
Netherlands, to prepare deliverable D7.16 on Profiling in Financial Institutions.

[Download]

Financial institutions have both business incentives and legal obligations to
create risk profiles of their clients. Implementing profiling policies, however,
raises several problems and does not seem to be effective and efficient for the
purposes intended, such as risk management or tracking fraud, money
laundering and terrorist funding.
In this deliverable, it is investigated how risk profiling strategies are
implemented in practical environments in financial institutions and which
practical problems this may cause. The focus is on both legal and informational
aspects. From a legal perspective it is investigated whether translation of
legislation into practical policies and procedures has the intended effects. From
an informational perspective it is investigated whether the systems and analyses
used for risk assessments have the intended effects.

[Download]