Skip to main content

PRISMS: Privacy and Security Mirrors

Table of contents

Project Structure

The PRISMS project analyses the traditional trade-off model between privacy and security and works towards a more evidence-based perspective for reconciling privacy and security, trust and concern. It has examined how technologies aimed at enhancing security are subjecting citizens to an increasing amount of surveillance and, in many cases, causing infringements of privacy and fundamental rights. PRISMS conducted both a multi-disciplinary inquiry into the concepts of privacy and security and their relationships and an EU-wide survey to determine whether people evaluate the introduction of security technologies in terms of a trade-off. As a result, PRISMS will determine the factors that affect the public assessment of the security and privacy implications of a given security technology. The project is using these results to devise a decision support system (DSS) providing users (those who deploy and operate security systems) insight into the pros and cons, constraints and limits of specific security investments compared to alternatives taking into account a wider society context.

Objectives and Goals

The  primary objective of  PRISMS is to provide users with a decision support  system (DSS)  that gives them an insight into the  pros  and  cons  of  specific  security investments compared to a set of alternatives, taking into account a wider societal context.

To achieve this objective, PRISMS has developed a proper conceptual frame that positions security and privacy, trust and concern, in relation to each other, and that is empirically validated by the Europe wide survey.

The PRISMS project will help ensure the security of citizens while respecting fundamental rights,  including  the  protection  of  privacy  and  personal  data,  through  its  analysis  of technologies used for security and privacy, the policy assessment of security and privacy, its criminological  and  legal  analysis,  its  public  discourse  analysis  as  reflected  in  the  media  and analysis  of  existing  public  opinion  surveys.

Expected Impact

PRISMS will deliver informed  analysis as well as a practical methodology  for considering  alternative  security  investments  (not  simply  investments  in  alternative technologies,  but  also  organisational  and  policy  alternatives),  which  will  be  useful  for  investors and other  stakeholders concerned about reconciling security and privacy, trust  and  concern.  The decision support system developed in PRISMS will provide guidelines for a priori  reasoning  about  possible  conflicts  arising  from  security decisions and offer possible solutions to those conflicts.

Research & Results

Work package 1 – Developing a common research framework

For most citizens, the meaning of privacy and security seems obvious because they have an implicit feeling about them that some may call “common sense”. However, both are colourful notions. This becomes evident when looking at the definition of the terms and their framing in different scientific disciplines. Therefore, a clear understanding of the terminology and the research questions is necessary. This work package developed a common understanding of the research questions and the terminology used in PRISMS; planned  subsequent work packages in detail so that there could be congruence of approach of the partners’ work and, developed a conceptual frame leading to the ultimate development of a decision support system.

Work package 2 – Analysis of security and privacy technologies

This work package provided an overview of current developments and trends in security and privacy technologies and their inter-relationships by collecting and studying technology reports, foresights and roadmaps in the field of security and privacy. It analyses how users attribute meaning to privacy and security technologies. It developed illustrative examples that were used in the survey and monitors relevant developments in security and privacy technologies occurring during the course of PRISMS.

Work package 3 – Policy assessment of security and privacy

This work package assessed the dominant framework in force in security policy circles concerning security and privacy and analysed the policy approach of the relationship between privacy and security and the perception concerning citizens. Policy documents reveal how security and privacy technologies are perceived by policy-makers, how they reflect certain expectations and ambitions. A discourse analysis of the meanings, expectations and ambitions with regard to the fulfilment of policy ambitions and the use of security/privacy technologies shed light on the perception of security and privacy implications by citizens. This work package includes an inventory of the most relevant security and privacy related policy documents of the past decade within the European Union and selected Member States, a discourse analysis of these documents, followed by monitoring security and privacy policy developments in different contexts.

Work package 4 – Criminological analysis

This work package  conceptualised the notions of security and privacy from a criminological perspective and then used this knowledge base to provide input into the development of the survey (on citizens’ perceptions of the relationships and interdependencies between security and privacy), its concepts, questions and hypotheses. This work package will contextualise the survey results based on the criminological knowledge base about crime (control) and public opinion and the results of a qualitative research case study. This work package focuses on how the new surveillance practices in the European field of crime control came into being, what technologies, actors and institutions have been mobilised and involved and what rationalities have come to shape, connect and transform notions of crime control, security and surveillance. A qualitative case study on security in airports has been used to further develop and refine the PRISMS conceptual framework and understanding of citizens’ attitudes and opinions.

Work package 5 – Privacy, data protection and security from a legal perspective

This work package analysed the legal conceptualisations of privacy and data protection on the one hand, and security on the other. It analysed the legal relationships between privacy and security, and between data protection and security. It provided legal input on issues of privacy, data protection, security and their legal relationship for the preparation and conception of the survey. The consortium carried out a state-of-the-art analysis of legal approaches to privacy and data protection; investigated their relationship; analysed the meaning of both privacy and security from the point of view of constitutional theory and delved into the legal significance of individuals’ choices in relation to privacy, data protection and security.

Work package 6 – Privacy and Security in the Media

There are strong interrelations between public discourses, media reporting and the individual and collective perception of privacy and security. However, for the whole of Europe and even for individual Member States, a continuous and comparative content analysis that identifies discourse patterns and differences between different risks is still a desideratum. Therefore, this work package identifies important topics regarding privacy and security covered in the media, maps the media landscape in Europe and analyses how the media constructs notions of “privacy” and “security” and their impact on citizens’ perceptions.

Work package 7 – Analysis of existing public opinion and social values surveys

In this work package, the consortium analysed existing surveys on privacy, security, surveillance and trust with an evaluation of their reliability, shortfalls and applicability for policy-makers. This research informed the design and development of the survey that the consortium undertook in each EU Member State (under work package 9). This work package involved a detailed analysis of existing public opinion surveys on privacy, security, surveillance and trust, a meta-analysis, a review of survey questioning techniques, shortcomings, lessons learned and longitudinal comparisons, and an analysis of social value surveys.

Work package 8 – First integration of results

This work package combined and compared the results from all prior work packages and verified them through expert interviews. It developed hypotheses about the public’s privacy and security perceptions to be tested in the survey and developed a concept for the statistical analysis of the survey results.

Work package 9 – Survey of citizens’ privacy and security perceptions

The main task of this work package involved the preparation and conduct of a representative, trans-European survey, including 27,000 telephone interviews to ascertain citizen’s privacy and security perceptions. The preparation involved assessing and refining of hypotheses (through focus groups), designing and testing of questions. Data collection used a quota sampling approach, and employed random digit dialing (RDD) telephone methodology in all countries, using both landline and mobile telephones. This survey will help determine whether people evaluate the introduction of security technologies in terms of a trade-of and the public attitude/opinion in relation to this trade-off/relationship. It will also determine the factors that affect public assessment of the security and privacy implications of a given security technology.

Work package 10 – Second integration – Interpretation of results

Work package 10 will carry out advanced statistical analysis to answer the central quantitative questions, test hypotheses and explain the interrelationship between privacy and security attitudes. This work package will put the citizen’s survey results into context. To test and validate our findings in advance of using them for the final stage of the project, the consortium will organize a number of small-scale deliberative workshops. These workshops will discuss, inter alia, the potential risk of dual use of the Decision support system to manipulate public opinion by those wishing to promote or undermine support for security interventions and possible countermeasures to consider when designing the DSS.

Work package 11 – Decision support system

One of the main objectives of PRISMS is to design a “decision support system providing for insight into the pros and cons of specific security investments compared to a set of alternatives taking into account a wider societal context”. The audience of the decision support system is the users, i.e., the stakeholders responsible for security investments.

The decision support system provides support for decision-making, i.e., it is not the decision-making “device” itself. The system has been developed based on methods of risk assessment and stakeholder involvement as elaborated in other domains. The decision support system offers an analytical frame in which pros and cons of the alternatives are weighed in a number of policy-relevant dimensions. The result is a multi-dimensional framework assessing the impact of a specific investment decision against a number of identified alternatives.

Work package 12 – Dissemination and liaison

This work package focuses on identifying and reaching out to stakeholders to raise their awareness about the research and findings of PRISMS and to encourage them to support the project’s recommendations. A dissemination strategy will elaborate the consortium’s stakeholder engagement and dissemination activities (e.g. project website, press releases, journal article papers, conference presentations, final conference).

Publications

The following publications stem from the work completed in the duration of the PRISMS project.

2015

2014

  • González Fuster, Gloria and Serge Gutwirth (2014) “Ethics, Law and Privacy: Disentangling Law in from Ethics in Privacy Discourse”, in Proceedings of the 2014 IEE International Symposium on Ethics in Science, Technology and Engineering, 23-24 May 2014, Chicago. http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6893376.
  • González Fuster, Gloria (2014), ‘How uninformed is the average data subject? A quest for benchmarks in EU personal data protection” in Balcells, J., Cerrillo i Martínez, A., Peguera, M., Peña-López, I., Pifarré de Moner, M.J., & Vilasau Solana, M. (eds.) Internet, Law and Politics. A decade of transformations. Proceedings of the 10th International Conference on Internet, Law & Politics. Universitat Oberta de Catalunya, Barcelona 3-4 July, 2014. Barcelona: UOC-Huygens Editorial, ISBN: 978-84-697-0826-2, pp. 241-258. http://edcp.uoc.edu/proceedings_idp2014.pdf

2013

  • Finn, Rachel L., David Wright, and Michael Friedewald, “Seven types of privacy”, in Serge Gutwirth, Ronald Leenes, Paul De Hert, and Yves Poullet (eds.),European Data Protection: Coming of Age, Springer, Dordrecht, 2013, pp. 3-32.
  • van Lieshout, Marc, Michael Friedewald, David Wright, and Serge Gutwirth, “Reconciling privacy and security“, Innovation: The European Journal of Social Science Research, Vol. 26, No. 1-2, 2013.

2012

  • Lagazio, Monica, “The evolution of the concept of security”, The Thinker, Vol. 43, 2012, pp.36-41.

Consortium

The PRISMS project was undertaken by a large and varied consortium of partners from across Europe, including:

Fraunhofer ISI – Project Coordinator

The Fraunhofer Institute for Systems and Innovation Research (ISI) is part of the Fraunhofer Society for the advancement of applied research, the largest organisation for applied research in Europe.  Fraunhofer  ISI  conducts  interdisciplinary  research  at  the  interface  of  technology, economy  and  society under  contract  to  the  European  Commission,  the  German Federal Ministry  of  Education and  Research (BMBF),  the  Office  of  Technology  Assessment at  the German Parliament (TAB), other ministries and industrial companies.

Persons involved in the project:

Dr.  Michael  Friedewald  (Project  Co-ordinator)

Dr.  Simone  Kimpeler

Dara  Hallinan

Jana Schuhmacher

Kerstin Goos

Trilateral Research & Consulting

Trilateral, a niche research and advisory consultancy, specialises in research and providing strategic, policy and regulatory advice on new technologies, privacy, data protection, trust, risk and security issues. Trilateral particularly seeks to help policy-makers improve policy and decision-making in privacy and security, through specialised research and analysis and provide the public and private sectors with practical solutions to address new emerging regulatory and technological challenges. Trilateral has initiated and organised many consortia and proposals under EC FP7 and FP6 programmes.

Persons involved in the project:

David Wright

Kush Wadhwa

Rachel Finn

David Barnard-Wills

Hayley Watson

Vrije Universiteit Brussel

The  interdisciplinary  Research  Group  on  Law  Science  Technology  &  Society  at  the  Vrije Universiteit  Brussel  (LSTS),  is  devoted  to  analytical,  theoretical  and prospective  research  into  the  relationships  between  law,  science,  technology  and  society. While LSTS’s core expertise is legal, it has a strong experience and track record in legal theory,  philosophy  of  sciences  and  bio-ethics,  and  engages  in  criminological  and  STS-research too. The LSTS team publishes widely and has been involved in internationally networked research projects. LSTS is the main organiser of the annual “Computers, Privacy & Data Protection” (CPDP) Conferences (www.cpdpconferences.org).

Persons involved in the project:

Serge  Gutwirth

Paul De Hert

Kristof  Verfaillie

Gloria González Fuster

Jenneke Christiaens

Francesca Menichelli

Imge Ozcan

TNO

TNO is the largest Dutch Research and Technology Organisation focusing on applied research, realising impact when addressing societal challenges. As of January 2011, TNO organises its activities in themes, one of the themes being the Information Society. TNO was founded by the Dutch government 80 years ago and has since been a major consultant and research institute on a wide variety of technological and societal challenges for national and European government, leading business companies and societal organisations. It has 4000 researchers working on one of the seven themes of the TNO organisation.

Persons involved in the project:

Marc van Lieshout

Gabriela Bodea

Anne Fleur van Veenstra

Bas van Schoonhoven

University of Edinburgh

The University of Edinburgh has an international reputation, with a research ranking in the top five in the UK and first in Scotland. It collaborated in about 180 FP6 projects (€45 million). The School of Social and Political Science (SSPS) embraces Politics and International Relations, Sociology, Science Studies, the Research Centre for Social Sciences, etc. Members of the School have close links with the Institute for the Study of Science, Technology and Innovation (ISSTI), as well as with the law and technology research centre (SCRIPT) in the School of Law.

 

Persons involved in the project:

Professor Charles D. Raab

Eötvös Károly Policy Institute

The  Eötvös  Károly  Policy  Institute  (EKINT)  is  a  small  research  and  policy  organization created  in  2003  by  the  Soros  Foundation  in  Budapest,  in  order  to  establish  a  novel, unconventional institutional framework for shaping democratic public affairs in Hungary. The Institute  is  deeply  committed  to  the  liberal  interpretation  of  constitutionality,  constitutional democracy, and individual rights. EKINT has been a partner in EU-supported projects such as BROAD, ETICA and LiSS COST Action.

Persons involved in the project:

Dr.  Iván  Székely

Dr. Szonja Navratil

Dr. Erik Uszkiewicz

 

Hogeschool Zuyd (ZUYD) – Infonomics and New Media Research Centre

The Infonomics and New Media Research Centre (INM) is a research unit within the ICT Faculty of Zuyd University of Applied Sciences, specializing in research concerning IT, digitisation and society, with a strong focus on digital identities. INM currently consists of a multi-disciplinary team of teaching staff and researchers, representing a range of disciplines: philosophy, sociology, ethics, law, communication and media theory, computer science and software engineering.

Persons involved in the project:

Dr. Irma van der Ploeg

Dr. Jason Pridmore

Dr. Govert Valkenburg

Ipsos MORI

Ipsos MORI is a full-service market and social research agency based in the UK and is part of the international  Ipsos  Group.  It  delivers  market  and  social  research  for  a  wide  range  of public, private and third sector clients using a variety of quantitative and qualitative research techniques.  Ipsos MORI is the second largest market and social research agency in the UK and the third largest  in  Europe  and  has  an  extensive  international  research  capacity  thanks  to  strong  links with Ipsos companies around the globe. Ipsos  MORI  is  a  member  of  the  Market  Research  Society  (MRS),  ESOMAR  (the  European Society  for  Opinion  and  Marketing  Research),  WAPOR  (World  Association  for  Public Opinion  Research),  BPC  (British  Polling  Council)  and  BMRA  (British  Market  Research Association) and, as such, adheres to their Codes of Conduct.

Persons involved in the project:

Gideon  Skinner

Peter Cornick 

Just published: Privacy and Security Perceptions of European Citizens: A Test of the Trade-off Model

Friedewald, Michael, Marc van Lieshout, Sven Rung, Merel Ooms, and Jelmer Ypma, “Privacy and Security Perceptions of European Citizens: A Test of the Trade-off Model“, in Jan Camenisch, Simone Fischer-Hübner, and Marit Hansen (eds.), Privacy and Identity Management for the Future Internet in the Age of Globalisation: 9th IFIP WG 9.2, 9.5, 9.6/11.7, 11.4, 11.6/SIG 9.2.2 International Summer School, Patras, Greece, September 7-12, 2014, Revised Selected Papers, Springer, Heidelberg, Berlin, 2015, pp. 39-53. DOI: 10.1007/978-3-319-18621-4_4

This paper considers the relationship between privacy and security and, in particular, the traditional ”trade-off” paradigm that argues that citizens might be willing to sacrifice some privacy for more security. Academics have long argued against the trade-off paradigm, but these arguments have often fallen on deaf ears. Based on data gathered in a pan-European survey we show that both privacy and security are important to European citizens and that there is no significant correlation between people’s valuation of privacy and security.

Privacy is important to European citizens – but there are large differences between the countries

New research has found that on average 67 % of European citizens think that the protection of their privacy is important or very important.

The research, conducted by the EU funded PRISMS project, surveyed (between February and May 2014)  more than 27,000 European citizens over the age of 16 and found that citizen think find it especially important „to know who has information about them“, to have „control who has access to their medical files (both 80%), to „make telephone calls without being monitored“ (79 %) and to „meet people without being monitored“ (76 %).

The survey showed, however, that there are significant differences throughout Europe. Measured on a scale from 0 (not at all important) to 1 (essential) the overall importance of privacy for citizens ranges from 0,46 in Bulgaria to 0,66 in Germany and Finland.

The researchers found that the citizens’ assessment is often related to their trust in institutions such as government bodies but also businesses. Countries with a particular high trust include Finland, Germany while trust in institutions is low in Bulgaria and Portugal. There are, however, a few countries with authoritarian historical experiences (Spain, Greece) where citizens  considered privacy important and have little trust in government bodies in particular.

Europeans want security and privacy – and, oh yeah, privacy is not dead

Privacy is not dead, as the results of a major telephone survey of more than 27,000 respondents across Europe has found: 87% felt that protecting their privacy was important or very important to them. Even more, 92%, said that defending civil liberties and human rights was also important or very important.

The survey may be the most detailed assessment of how people in 27 EU Member States feel about privacy and security. It was conducted as part of the EU-funded PRISMS project (not to be confused with the once-clandestine PRISM program under which the US National Security Agency was collecting Internet communications of foreign nationals from Facebook, Google, Microsoft, Yahoo and other US Internet companies).

The survey showed that privacy and security both are important to people.  There were some consistent themes, e.g., Italy, Malta and Romania tend to be more in favour of security actions, while Germany, Austria, Finland and Greece were less so. Respondents were generally more accepting of security situations involving the police than the NSA.

60% said governments should not monitor the communications of people living in other countries, while one in four (26%) said governments should monitor such communications, while the remainder had no preference or didn’t know. Predictably, there were significant differences between countries. Three out of four respondents in Austria, Germany and Greece said governments should not monitor people’s communications, which was somewhat higher than most other EU countries.

70% of respondents said they did not like receiving tailored adverts and offers based on their previous online behaviour. 91% said their consent should be required before information about their online behaviour is disclosed to other companies. 78% said they should be able to do what they want on the Internet without companies monitoring their online behaviour. 68% were worried that companies are regularly watching what they do.

Some other results: 79% of respondents said it was important or essential that they be able to make telephone calls without being monitored. 76% said it was important or essential that they be able to meet people without being monitored. More than half (51%) felt they should be able to attend a demonstration without being monitored.

80% said camera surveillance had a positive impact on people’s security; 10 % felt it made no difference and even fewer (9%) felt it had a negative impact.  Almost three-quarters (73%) said the use of body scanners in airports had a positive impact on security, while fewer than one in five (19%) felt that the use of scanners had a negative impact on privacy. 38% said smart meters threatened people’s rights and freedoms.

More than one in five (23%) said they had felt “uncomfortable” because they felt their privacy was invaded when they were online. Almost the same (21%) felt uncomfortable because they felt their privacy was invaded when a picture of them was posted online without their knowing it. By contrast, a substantial majority (65%) didn’t feel uncomfortable when they were stopped for a security check at an airport. Respondents were asked if they had ever refused to give information because they thought it was not needed. 67% said yes, while 31% said no. Half of all respondents said they had asked a company not to disclose data about them to other companies.

While the survey generally showed that people were concerned about their privacy, there were some surprises. For example, 57% said it was not important to keep private their religious beliefs. Almost one-third (31%) said it was not important to keep private who they vote for. Only 13% had ever asked to see what personal information an organisation had about them. More than half (51%) had not read websites’ privacy policies.

Respondents had a very nuanced view of surveillance and its impact on their privacy.  Support or opposition to surveillance depends on the technology and the circumstances in which it is employed, if for example the surveillance activity was targeted and independently overseen.

The interviewers gave respondents eight vignettes, or mini-scenarios, and then asked them for their views on the privacy and security impacts, some of which are highlighted below. The vignettes concerned crowd surveillance at football matches, automated number plate recognition (ANPR), monitoring the Internet, crowd surveillance, DNA databases, biometric access control systems, NSA surveillance and Internet service providers’ collection of personal data.

A sizeable minority (30%) felt that monitoring demonstrations threatened people’s rights and freedoms, but that figure fell to 19% if the monitoring was of football matches. 70% felt crowds at football matches should be surveilled; 61% said surveillance at football matches helped to protect people’s rights and freedoms.

Opinion was more evenly divided about DNA databases: 47% felt that DNA databases were okay compared to 43% who did not agree. However, a substantial majority, 60%, opposed NSA surveillance and 57% felt NSA surveillance threatened people’s rights and freedoms.

Also predictably, there were differences in political views. 68% of people on the left felt that foreign governments’ monitoring people’s communications was a threat to their rights and freedoms, compared to 53% of people on the right who felt this way. 60% said these practices made them feel vulnerable. More than half (53%) did not feel these practices made the world a safer place. 70% did not trust government monitoring of the Internet and digital communications. In response to a question about how much trust they had on a scale of 0 (none) to 10 (complete) in various institutions, more than half (51%) of all respondents said they had little or no trust in their country’s government compared to 39% in the press and broadcasting media and 31% in the legal system. Half of all respondents had some or complete trust in businesses, and an astounding 70% trusted the police.

Interviewers described a scenario in which parents find out that their son is doing some research on extremism and visits online forums containing terrorist propaganda. They ask him to stop because they are afraid that the police or counter-terrorism agencies will start to watch him. 68% said security agencies should be watching this kind of Internet use, compared to 20% who said they should not. 53% said security agencies’ doing this helps to protect people’s rights and freedoms. One in five (22%) disagreed.  41% of respondents felt that parents should worry if they find their child visiting such websites. One in five felt parents should not worry because they believed that security agencies can tell the difference between innocent users and those they need to watch.

Another vignette concerned companies wanting to sell information about their customers’ Internet use to advertisers. The companies say the information they sell will be anonymous, but 82% of respondents still said service providers should not be able to sell information about their customers in this way. The figure was 90% in Germany and France, the highest in Europe. 72% of respondents in the UK and across the Union felt such practices were a threat to their rights and freedoms.

The European PRISMS project started in February 2012 and finished in August 2015.  The project has been analysing the traditional trade-off model between privacy and security and devising a more evidence-based perspective for reconciling privacy and security. Among other things, the project is examining how technologies aimed at enhancing security are subjecting citizens to an increasing amount of surveillance and, in many cases, causing infringements of privacy and fundamental rights. The project is also devising a decision support system aimed at those who deploy and operate security systems so that they take better account of how Europeans view privacy and security.

The project has been undertaken by a consortium comprising eight partners from five countries: the Fraunhofer Institute for Systems and Innovation Research (Germany), TNO, the Dutch research organisation, Zuyd University (Netherlands), the Free University of Brussels, the Eötvös  Károly  Policy  Institute  (EKINT) in Hungary and three partners from the UK: Trilateral Research, Ipsos MORI and Edinburgh University.

Ipsos MORI conducted the interviews between February and June last year, since when the other partners have been poring over the results and are now making some of the survey results and their analysis publicly available. The PRISMS consortium said further analysis of the survey data would examine the relationships between demographics, attitudes and values in relation to privacy and security.

More results from the PRISMS project can be found at prisms-project.eu.

David Wright and David Barnard-Wills

Schüren Vertrauensprobleme die Angst vor Massenüberwachung in Europa?

David Barnard-Wills argumentiert, dass EU-Bürger für ihre  Sicherheit nicht unbedingt mehr von ihrer Privatsphäre aufgeben wollen – und dass Politiker dies bei Entscheidungen über Überwachungspraktiken Ernst nehmen sollten.

Angeheizt durch Edward Snowdens Enthüllung von immer mehr Details der Überwachungspraktiken von NSA und GCHQ, hat es in den vergangenen Monaten eine intensive Berichterstattung der Medien über Motive und Grenzen der staatlichen Überwachung gegeben und wie die Bürger über das Verhältnis von Sicherheit und Privatheit denken. Dies hat auf nationaler wie auch europäischer Ebene erhebliche politischer Aufmerksamkeit erregt. Bürgerrechtsgruppen haben Protestaktionen gegen Massenüberwachung organisiert, zuletzt am 11.2. unter dem Motto „The day we fight back“ (Der Tag, an dem wir zurückschlagen).

Es ist daher sowohl für Sozialwissenschaftler und Politiker besonders wichtig und drängend, die Reaktionen der Bürger auf die zunehmende Überwachung genauer zu verstehen. Welche Faktoren sind besonders kritisch und führen zu öffentlichen Protesten und unter welchen Umständen ist die Öffentlichkeit bereit, bestimmte Überwachungs-und Sicherheitsmaßnahmen zu akzeptieren?

Das von der Europäischen Union finanzierte Projekt PRISMS (Privacy and Security Mirrors) versucht, genau dies zu untersuchen. Es versucht, das Verhältnis zwischen Privatsphäre und Sicherheit zu analysieren und eine evidenzbasierte Perspektive für die Vereinbarkeit von Privatsphäre, Sicherheit und Vertrauen zu entwickeln. Es wird untersucht, wie sogenannte Sicherheitstechnologien Bürger zunehmend überwachen und dabei in vielen Fällen die Privatsphäre und andere Grundrechte verletzen.

Eines der wichtigsten Ziele des Projektes ist es, die sehr vereinfachte Annahme zu überwinden, wonach die Bürger Privatheit und Sicherheit als Nullsummenspiel betrachten und es akzeptieren, für ein Mehr an Sicherheit in zunehmendem Masse ihre Privatheit und informationelle Selbstbestimmung aufgeben zu müssen. Als Ergebnis soll das Projekt solche Faktoren ermitteln, die die Einstellungen der Bürger zu Privatheit und Sicherheit beeinflussen und in die Bewertung spezifischer Sicherheitstechnologie einfliessen. Die Berücksichtigung solcher Faktoren in Politik, Verwaltung und Unternehmen kann zu besseren Entscheidungen über Überwachungspraktiken beitragen.

Das Projekt lässt seit Mitte Februar vom  Meinungsforschungsinstitut  Ipsos Mori eine Befragung von 27.000 europäischen Bürgern durchführen, um ein genaues Bild über deren Einstellung zu Privatsphäre und Sicherheit zu erstellen, also zu einer Zeit, da diesen Themen eine erhöhte öffentliche Aufmerksamkeit erhalten. Erste Ergebnisse der Befragung werden im April 2014 verfügbar sein, aber bereits zur Vorbereitung der Umfrage wurden Fokus-Gruppen mit Bürgern in Deutschland, Belgien, Portugal, Dänemark, Estland, Ungarn, Rumänien und Großbritannien durchgeführt.

In den Fokusgruppen hatten viele der Teilnehmer das Gefühl, dass ihre Privatsphäre schwer zu schützen ist, wenn sie an der modernen Gesellschaft teilhaben wollten. Dennoch war ihnen zumindest prinzipiell  der Schutz ihrer Privatsphäre und ihrer persönlichen Daten sehr wichtig.

In den meisten Ländern waren die Teilnehmer der Ansicht, dass sie selbst die Hauptverantwortung für den Schutz ihrer Privatsphäre hätten. Allerdings erwarten Sie auch von den Regierungen ihrer Länder ersthafte Bemühungen, die richtigen Rahmenbedingungen zum Schutz ihrer Rechte zu entwickeln. Schließlich wünschen sie sich auch eine wirksame Durchsetzung dieser Rechte durch staatliche Stellen wie die Polizei und Aufsichtsbehörden. Organisationen, die personenbezogene Daten erheben, sollten dafür verantwortlich sein, dass diese sicher und rechtskonform gespeichert und verarbeitet werden.

Die Teilnehmer der Fokusgruppen wünschten sich in der Regel robuste Anwendungsfälle für Überwachungstechnologien, die auch umfänglich die Interessen der Betroffenen berücksichtigen. Insbesondere wollten die Personen würdevoll und individuell behandelt werden, ohne von Vorherein unter Generalverdacht zu stehen. Bei der Einführung von Technologien, von denen ihre Rechte unmittelbar berührt werden, wünschen sie sich eine frühzeitige und ernsthafte Information über die Funktionsweise und Implikationen der fraglichen Technologie und eine ernsthafte Konsultation der Bürger.

Der konkrete Kontext war allen beteiligten Bürgern sehr wichtig, zum Beispiel war die Akzeptanz von Sicherheits- und Überwachungstechnik auf Flughäfen höher als bei Anwendungen in anderen Lebensbereichen, wie z.B. von intelligenten Stromzählern. Die Vorteile solcher Smart Meter für die Verbraucher waren vielen Bürgern wenig einleuchtend.

Bei der Internetnutzung nehmen Bürger mittlerweile vielfach an, dass ihr Verhalten von staatlichen Stellen breit überwacht werden, um Terrorismus und organisierter Kriminalität vorzubeugen und halten dies (mit der Ausnahme der Deutschen) auch für legitim.

Bürger haben bei Überwachungspraktiken von Unternehmen noch größere Bedenken als bei (rechtmäßiger) staatlicher Überwachung. Sie hatten dabei vor allem Sorgen über die Folgen solcher Praktiken auf ihre körperliche und finanzielle Sicherheit. Die Bürger äußerten das Gefühl, dass sie mit der Wahrung ihrer Rechte sowie moralischen und kulturellen Werte gegenüber Unternehmen in vielen Fällen überfordert sind und hier vor allem der Staat in der Pflicht sei, die notwendige Balance zwischen den Interessen herzustellen.

Diese Befunde haben Konsequenzen für die Governance der Überwachung in Europa. Datenschutz und Privatsphäre sind immer noch wichtige gesellschaftliche Werte und sollten geschützt werden, auch wenn die Teilnehmer sagen, dass es in Einzelfällen, wie zum Beispiel Flugreisen, eingeschränkt werden könnte. Momentan seien die überzogenen staatlichen Sicherheitsansprüchen (Sicherheit als „Supergrundrecht“) nicht in Übereinstimmung mit den individuellen Bedürfnisse nach Sicherheit und Privatheit.

Die PRISMS Forscher der Freien Universität in Brüssel (VUB) haben vorgeschlagen, dass die Art und Weise, wie die Angst vor der Kriminalität häufig in Umfragen gemessen wird, von der Annahme ausgeht, dass sich Menschen normalerweise ein Maximum an Sicherheit wünschen. Empirische Ergebnisse legen aber mittlerweile nahe, dass dies nicht der Fall ist: Wenn Menschen Angst vor der Kriminalität zum Ausdruck bringen oder sich Sorgen über bestimmte Sicherheitsvorfälle machen, bedeutet dies nicht weder, dass sie zusätzliche Sicherheitsmaßnahmen unterstützen, noch dass die Menschen das Gefühl haben, deswegen ihre Grundrechte und Freiheiten aufgeben zu müssen.

Vielmehr scheint es darauf anzukommen, in welchem Maße die Bürger den öffentlichen und privaten Sicherheitskräften vertrauen. Der momentane Widerstand gegen Massenüberwachung durch die Geheimdienste legt jedenfalls nahe, dass es bei einem Teil der europäischen Öffentlichkeit zu einem erheblichen Vertrauensverlust gegenüber staatlichen Institutionen gekommen ist. Die in Kürze vorliegenden Ergebnisse der Umfrage sollte eine genauere Beantwortung dieser Frage ermöglichen und entsprechende Vorschläge für die Politik untermauern.

Alle PRISMS Forschungsberichte sind auf der Projekt-Webseite (http://prismsproject.eu) verfügbar.