| Full text | Click to download. |
| Citation | White paper presented to members of the PORTIA project and the Yale Law School Information Society Project, January 26, 2005
|
| Author | Nimrod Kozlovski
|
Democratic society must set a balance between policing power and individual freedoms. This paper invites us to examine the optimal regulatory balance considering the growing importance of online policing. It argues that instead of focusing on ex-ante authorization of policing activities, we should better focus on proper accounting of policing operations. Rules of ex-ante authorization are ill-suited to the needs of online policing. They create processes that impede efficient policing practices while at the same time providing limited protection to civil liberties. We should focus instead on designing technologies to watch the watchers and to facilitate a culture of policing accountability. Accountability is a concept rooted in offline policing and ingrained in its daily routine. However, audit and control procedures have failed to transfer properly from the physical policing environment, and as a result a longstanding culture of policing accountability has been distorted. Instead of direct audit and control which could have been implemented in the technology itself, current regulation tends to establish additional layers of authorization, operational procedures, and indirect reporting requirements. Such regulation is a poor substitute for direct audit and control mechanisms. It misses the potential of information technologies to provide automated, tamper-proof, timely, and comprehensive logs, and to support control mechanisms. When logging, audit and control functions are implemented in the technology, they function in sync with the policing operation. When auditing requirements are not in sync with operational practices, ``auditing loopholes'' are more likel! y to appear. Law enforcement needs to stand accountable for the tools at its disposal as well as the actual use of those tools in policing activities. Information technologies and surveillance tools which operate as black-boxes are in conflict with accountability. Disclosure of the source code should be the rule and controlled disclosure a limited exception. We need to design several features into policing technology to account for its usage: (1), audit trails that maintain records of a system's activity, application processes, and a user's activity, to monitor the use of internal systems as well as law enforcement connection to private databases; (2) predictive analysis tools to control and report anomalous use and potential misuse; (3) appliances to interoperate with external auditors to check the system's usage and run random checks; (4) anonymized and ``cleaned'' report functions to enable the production of automated detailed reports without disclosing sensitive or proprietary protected information. Such a comprehensive design would support several objectives, including individual accountability, process examination, reconstruction of events, intrusion detection, and evidence integrity checks. Legal rules should serve to support accountability-enhancing design and to promote a culture of accountability. We need to set legal accountability requirements for policing actions and set disciplinary sanctions for the destruction of accounts. We need to specify auditing and control requirements and set reporting standards. Principles of reliable accounting must be incorporated into the legal requirement rather than left to policing discretion. Simultaneously, we need to redesign procedural dynamics and litigation processes to promote accountability. This paper draws guidelines for the following measures: restructuring of evidence law and discovery law to produce more reliable and usable audits; reenactment of Freedom of Information Act's obligations to limit the exemptions from disclosure; redesigning of judicial proceedings in the investigation process to shift from an ex parte format to an adversarial process; designing of new legal proceedings to hold law enforcement accountable for preventive actions which are not aimed at prosecution; and last, regulation of proceedings against policing practices that are carried by private parties.