My four-year research project ‘Securing Private Communications’ is coming to an end. A grande finale of sorts is my public defense ceremony on 25 November. The ceremony is open to the general public, and the venue is humongous, so you’re all very welcome to join me.
The public defense takes place on 25 November, 11:00am, in the Aula of the University of Amsterdam (Address: Singel 411). A large church in the heart of the city, that seats over 1.000 people. Feel welcome to come, if it weren’t only for the free drinks and bites afterwards :) The program is roughly as follows:
- 11:00 – ‘Lekenpraatje’ (short talk by me for non-experts).
- 11:10 – Start ceremony with a procession of the Committee.
- 11:10 – Questions by each Committee Member about my thesis.
- 12:00 – Evaluation of my answers, ‘backstage’ by the Committee.
- 12:15 – Result and, if passed, handing over of the doctorate.
- 12:30 – Reception with drinks and bites.
14:0013:30 – End (we need to make way for the next group).
The public defense is the culmination of a peer-review process, that started months (or in fact, four years) ago when my supervisors Prof. Nico van Eijk and Prof. Natali Helberger gave the go-ahead for me to submit my full manuscript to the Committee, consisting of four University of Amsterdam professors and three from other universities. Six weeks later, the Committee decided that the thesis was fit for defense. In the meantime, and weeks after, I worked on the camera ready ‘academic version’ of my doctoral thesis. The print edition – with rigorous editing and updates to include recent developments such as the CJEU safe harbor judgement – will be published by Kluwer Law International in a few months, by the way the first time they ever publish a work in these series under a Creative Commons license.
The full title of the thesis is Securing private communications – Protecting private communications security in EU law: fundamental rights, functional value chains and market incentives.
The academic version is available open access, here. Here’s a short summary of the book:
Communications security has become a major concern for law- and policymakers around the world. The continuing string of Snowden disclosures, breached iCloud accounts of megastars and successful hacks of cars cruising the highway are just some of the countless prominent examples of severe incidents, that illustrate our dependence on private communications security and make us realize that our private communications are systematically insecure. In response, the EU lawmaker has launched several sweeping reforms of EU communications security legislation in the last two years. Against this background, the study chose as its central research question: how should the EU lawmaker protect private communications security?
The study contains the first in-depth historical analysis in the legal literature of over three decades of EU communications security law (Part I). Subsequently, the study researched concepts and tools for the EU lawmaker in fundamental rights law, computer science and the political sciences (Part II). The study then developed a procedural model for EU communications security legislation, which was tested in two case studies on communications protocol HTTPS and ‘cloud’ communications through the lens of the Snowden disclosures, operation MUSCULAR in particular (Part III).
The study concludes (Part IV) that the EU lawmaker can and must augment private communications security, but fails to integrate several crucial fundamental rights, socio-technical and market developments outlined in this study. The study therefore recommends a fundamental reconceptualization of EU communications security law and offers five suggestions on how to reorganize its very foundations:
- Afford basic and comprehensive protection to meet new positive obligations from EU fundamental rights law;
- Make explicit the implicit and covert capture of the EU policy agenda by national security interests of the Member States and align these with fundamental rights;
- Afford protection along the entire functional value chain of networked communications, rather than merely to ‘personal data’ or a narrow set of market actors.
- Correct deep and persistent market failures in networked communications;
- Use the analytical model of Part III as a new departing point for protecting private communications.
If the EU lawmaker fails to integrate the first four recommendations, EU law is at serious risk of repeating conceptual shortcomings of the past, of reinforcing existing systemic vulnerabilities and market failures, as well as leaving the fundamental rights of 500 million citizens insufficiently protected.
The study adopted a multi-disciplinary approach, combining legal research methods with insights and original research from computer science, security economics and the political sciences. It is the first academic study of its kind on the thorny conundrum of securing private communications through EU law.