Does Profiling Make Us More Secure?

2010

Profiling through predictive data mining has already found its way onto the security agenda of the European Union (EU). This technique, designed to allow for the automatic flagging of individuals allegedly deserving 'further attention', is increasingly being developed, supported, and even implemented (typically, in the name of counterterrorism) -but with extremely limited publicity. The debate on the risks to fundamental rights and freedoms of individuals posed by profiling has been sidelined, with worrying implications. This paper summarises a number of key points that are relevant for a much-needed discussion of the challenges ahead.

SSRN Electronic Journal, 2019

In this article, we provide an overview of the literature on chilling effects and corporate profiling, while also connecting the two topics. We start by explaining how profiling, in an increasingly data-rich environment, creates substantial power asymmetries between users and platforms (and corporations more broadly). Inferences and the increasingly automated nature of decision-making, both based on user data, are essential aspects of profiling. We then connect chilling effects theory and the relevant empirical findings to corporate profiling. In this article, we first stress the relationship and similarities between profiling and surveillance. Second, we describe chilling effects as a result of state and peer surveillance, specifically. We then show the interrelatedness of corporate and state profiling, and finally spotlight the customization of behavior and behavioral manipulation as particularly significant issues in this discourse. This is complemented with an exploration of the legal foundations of profiling through an analysis of European and US data protection law. We find that while Europe has a clear regulatory framework in place for profiling, the US primarily relies on a patchwork of sector-specific or state laws. Further, there is an attempt to regulate differential impacts of profiling via anti-discrimination statutes, yet few policies focus on combating generalized harms of profiling, such as chilling effects. Finally, we devise four concise propositions to guide future research on the connection between corporate profiling and chilling effects.

Datenschutz und Datensicherheit-DuD, 2006

Profiling is not about data but about knowledge. It provides a crucial technology in a society that is flooded with noise and information. Profiling is another term for sophisticated pattern recognition, and the enabling technology for Ambient Intelligence. It confronts us with a new type of inductive knowledge, inferred by means of automated algorithms. To the extent that decisions that impact our lives are based on such knowledge, we need to develop the means to make this knowledge accessible for individual citizens and provide them with the legal and technological tools to anticipate and contest such knowledge or challenge its application. Dr Mireille Hildebrandt Senior Researcher at LSTS, Vrije Universiteit Brussel, teaching at Faculty of Law Erasmus University Rotterdam.

Criminal profiling is the process of using crime scene evidence to make inferences about potential suspects, including personality characteristics and psychopathology. An exploratory Internet survey of forensic psychologists and psychiatrists was conducted to examine their experiences with and opinions about profiling and to determine whether referring to profiling as " criminal investigative analysis " had any impact on these opinions. About 10% of the 161 survey respondents had profiling experience, although more than 25% considered themselves knowledgeable about profiling. Fewer than 25% believed that profiling was scientifically reliable or valid, and approximately 40% felt that criminal investigative analysis was scientifically reliable or valid. Although the scientific aspects of profiling lacked support, respondents viewed profiling as useful for law enforcement and supported profiling research. The image of a criminal profiler sorting through crime scene evidence and definitively identifying a guilty suspect is popular in novels, television shows, and movies. However, this popular image is more fiction than fact, and the process and limits of real profiling work are often misunderstood. Criminal profiling is the process of using behavioral evidence left at a crime scene to make inferences about the offender, including inferences about personality characteristics and psychopathology. In its most basic form, profiling is simply the postdiction of behavior; an action has taken place that allows investigators to make inferences about the person responsible (Davis & Follette, 2002). Despite popular images of criminal profiling, the main goal of profiling in real investigations is to narrow the scope of a suspect pool rather than to identify a single guilty criminal (Douglas & Olshaker, 1995).

Behavioral Economics is defined as a method of economic analysis that applies psychological insights into human behavior to explain economic decision-making. It mainly focuses on the effect of emotions, opinions, norms and habits on the process of decision-making and it supports that humans are characterized by a bounded rationality, which means that people are not fully rational when they make choices, either due to heuristics and biases or due to information asymmetries, lack of attention, limited working memory… The list is endless. A rational person is someone who has self-control and decides based on logic and reason, after considering the costs and benefits that are linked to a particular choice. The aim of this paper is to prove how relevant the insights of Behavioral Economics are for Data Protection Law, particularly regarding the complex phenomenon of Internet Profiling. Effective manipulation techniques are adopted by marketers and service providers in order to urge internet users to disclose personal information and to guide them to specific decisions. These techniques are based on the exploitation of human frailties. The same human frailties are to blame for users waiving their data rights, despite the fact that they are concerned about their privacy. Because of these human weaknesses, people disclose data which is then processed, analyzed and used for the construction of data profiles. These data profiles reveal even more personal information about them and thus enable even more effective manipulation to take place, now in the form of targeted advertisements. In order to examine the complex phenomenon of Internet Profiling, a sociolegal approach will be adopted and a thorough analysis will be made. In the first section, I will try to define internet profiling and simplify its concept as far as possible. The role of Artificial Intelligence and Algorithms in relation to the processing and the analysis of data will be examined. The second section will expose the ways data is distributed with a main focus on the intraoperable way, according to which a huge amount of data is accumulated under the control of a sole data controller. Two examples of such data controllers (Google and Facebook) will be given in order to show how many sources of data (data points) they have, by virtue of their expansion strategies. In the next section, I will go through an analysis of all the problematic aspects of internet profiling. The first part will pinpoint that Artificial Intelligence and algorithms are not infallible in an effort to debunk the myth of the perfection of computing systems. The side-effects of the system’s errors will be examined. The second part will mainly deal with the way those who control the datasets use their power in order to avail themselves, with a central focus on “nudging”, a manipulation technique which takes advantage of human’s heuristics and biases. Apart from the consequences of this tactic on several levels, an assessment of the technique on grounds of effectiveness will also take place. In the third part, a discussion about autonomy and privacy issues will take place, while in the final part, the theory of propertization of data and the proposal of paying with money instead of data for the use of certain services will be evaluated. The next part will present the legal framework of Internet profiling. Firstly, an examination of the legal term of “concept” will take place, since it plays a central role in Data Protection Law and in the Cookies Directive, according to which users must consent to the tracking of cookies at their devices. The requirements for a consent to be valid will be cited. Secondly, the human frailties which are to blame for users’ giving their consent will be outlined. Last but no least, the implications of Article 22 of GDPR, regarding automated decision-making and thus of great relevance for internet profiling, will be presented.