This page provides information on research projects.

KIRAS AREAS - Aerial search & Rescue support and supErvision of inAccessible terrainS

Through the combined use of Unmanned Aerial Vehicles (UAVs), sensors in the visible, infrared and multispectral ranges as well as laser scanners, an effective and efficient acquisition of information in inacessible terrains is achieved in real time. This reduces the risk for responder organisations and the resources required to gather information in the event of crises, disasters and damage situations.

Aerial information gathering offers substantial advantages in the framework of the Austrian National Crisis and Disaster Management (SKKM – Staatliches Krisen- und Katastrophenschutzmanagement) as it enables both fast attainment of the overall operational picture and in-depth insight at particular points of interest.

Within the KIRAS project AREAS (Aerial search & Rescue support and supErvision of inAccessible terrainS) the Centre for Computers and Law analyses the legal aspects, especially data protection with regards to the use of UAVs and also supports the interoperability of civil and military operatives by concilitating technical and legal aspects.

Horizon 2020 MARCONI

MARCONI takes on the expectations and challenges that radio faces today: engaging users and offering personalised experiences on various digital platforms. The project aims to enable fully interactive and personalised radio solutions, integrating broadcast radio with digital and social media. A service-driven software platform will be developed to easily manage listener interaction automation for incoming text, audio, picture or video content by using AI technologies and novel multimedia content analysis technology.

The Centre for Computers and Law develops the legal framework regarding data protection (GDPR) and media and intellectual property law and also supports the development of data management systems and consent management.

KIRAS Smart Identification

The KIRAS project Smart Identification aims at supporting the fight again organised human trafficking on a national and European scale. To support crime fighting in this area, information on exodus routes or routes of human trafficking as well as on the identity of victims is required. The public authorities face the problem of non-identificability if only uncertain and doubtful information is available. The project focuses on the analysis of exodus routes, the detection of unaccompanied minors and the identification of victims using if possible their documents and their smartphones. While smartphones collect and contain a lot of data, which can be used for these legitimate purposes, the executed measures will need to be in compliance with the subject’s right to privacy and data protection. The Centre for Computers and Law analyses the legal framework and supports the development of a concept that is in compliance with the right to privacy and data protection.

KIRAS-Projekt ACCSA - Austrian Cyber Crises Support Activities

The KIRAS project ACCSA (Austrian Cyber Crises Support Activities) aims to develop comprehensive training, exercise and evaluation concepts for all CKM (cyber crisis management) stakeholders to prepare for cyber crises and thereby reducing response times and error rates in the event of a real cyber crisis. Even in “traditional” crisis and catastrophe management regular exercises (for example, the practice of a chemical accident) have proved to be a feasible means to enable all parties involved to practice. However, a similar use of training and exercise concepts, especially for CKM with technical and organizational support is not yet available. Current exercises often focus on non-dynamic and linear exercises. Technical products for training are currently only commercially offered, available only to members of certain specialist circles and not open to the public.

The CKM concepts, processes, and methods are supported by the implementation of a CKM Toolbox, a system for software-supported training and exercise that spans over several CKM communication levels (e.g., engineering, management, first responder, policy makers).

Building on the results of past projects, the Centre for Computers and Law supports the development of this CKM Toolbox by analysing legal bases for possible measures of the various actors within cyber crisis management, including developments in jurisprudence and legislation on a European and national level.

KIRAS CySiVuS - Cyber Security for Transport Infrastructure- and Road Operators

Within the KIRAS project CySiVuS (Cyber Security for Transport Infrastructure- and Road Operators) cyber security aspects of a comprehensive road transport infrastructure system which will be more used intensively by interconnected cars in future, are analysed from the perspective of the road operators. The project partners are developing a reference architecture also taking into account the legal framework. The Centre for Computers and Law analyses the legal issues which have to be considered within risk assessment and will also develop a comprehensive compliance analysis which will cover relevant legal and social aspects of the reference architecture.


KIRAS DARKNET - Darknet Analysis

The KIRAS project DARKNET (Darknet Analysis) aims to develop privacy-aware automated analysis of underground marketplaces and restricted overlay-networks. The main legal issues with these underground forums are the exchange of illegal goods, criminal or terrorist activities or propaganda, which also include criminal activities regarding states security like the acquisition of botnets for attacks on critical infrastructure. The focus of the project therefore lies in the development of privacy-preserving machine learning methods which comply with the right to privacy and exclude uninvolved third parties. The Centre for Computers and Law analyses the legal aspects of this project.

KIRAS PASA - Public Warning and Alert System for Austria

The KIRAS project PASA (Public Warning and Alert System for Austria) develops a novel, holistic concept for the warning and alerting of the Austrian population using an interdisciplinary approach. This will improve the effectiveness of civil protection and the efficiency of first responder organizations greatly, which highly depends on the level of cooperation or interference by the civil population and which can e.g. help to optimize the pace of evacuations, actively seek shelter in times of imminent danger or help to offload intensively used road infrastructure sections. In the current paradigm, the warning and alerting of the civil population in Austria is performed solely in coarse granularity via sirens and via the Austrian broadcasting companies, whereas the current state-of-the-art would enable to reach the population timely and geographically accurately via multiple communication channels (e.g., mobile phones). This would enable the authorities to provide the population with the locally relevant information in real time, opening the potential of optimizing the safety of the civil population as well as its cooperation with the first responder organizations and thus increasing both the organizations’ efficiency of operation and the general level of public safety. The envisioned system will precisely reflect the complex legal framework of the Austrian federal system as well as that of Data Protection and E-Privacy. To this end, PASA will continuously evaluate the compatibility of the envisioned solutions with the given legal framework.

KIRAS INTERPRETER - Interoperability in Disaster Management of the next Generation

The KIRAS project INTERPRETER (Interoperability in Disaster Management of the next Generation) is part of the Centre of Computers and Law’s research in the legal aspects of Disaster Management. INTERPRETER utilizes the latest software design methods in order to accomplish automated data exchange between the military and civil command and control systems, thereby ensuring the preservation of the semantic integrity of data. Furthermore, based on its modular structure, INTERPRETER enables generic extensibility of its interoperability functionalities, which should ensure that the system can be productively utilized for many years to come. In addition, the project has developed and evaluated an extended concept for IT-supported inclusion of the civil population in the process of crisis and disaster management and in this way addresses the corresponding willingness and preferences of the citizens. The Centre for Computers and Law focuses on the legal framework of the developed architecture including data sharing within disaster management through web-applications or apps.


Scalable Measures for Automated Recognition Technologies

Automated recognition of individuals and/or pre-determined traits or risk factors/criteria lies at the basis of smart surveillance systems. Yet new EU regulations and specifically those on information sharing between police and security forces explicitly prohibit automated decision-taking regarding individuals unless “authorised by a law which also lays down measures to safeguard the data subject’s legitimate interests” (Art 7, CFD 2008/977/JHA). Which laws are applicable in this context? What measures are envisioned? What else should the law contain? Can the laws be technology-neutral but sector specific, thus permitting a measured approach to the appropriateness of smart surveillance technologies in key security applications? Can they be extended to all security applications of smart surveillance, even those not covered by CFD 2008/977/JHA?

The SMART project addresses these and other questions through a comprehensive approach which combines a technical review of key application areas by sector with a review of existing pertinent legislation to then produce a set of guidelines and a model law compliant with CFD 2008/977/JHA and EU Directive 46/95



Rules, Expectations & Security through Privacy-Enhanced Convenient Technologies


Convenience and cost-effectiveness are the two key considerations for both citizens and security forces when deciding which technologies to embrace or avoid in the Information Society. State actors and private corporations adopt information communication technologies (ICTs) because they are cost-effective. The motivation for adoption may be different in the private and public sectors but once adopted these ICTs are then capable of being bridged in multiple ways permitting police/security forces to go beyond the data they gather directly but also increasingly tap into data gathered and stored by private corporations. These ICTs, which have to date gone through a period of largely organic growth, will be deemed to be “in balance” if they are implemented in a way which respects individual privacy while still maximising convenience, profitability, public safety and security. RESPECT seeks to investigate if the current and foreseeable implementation of ICTs in surveillance is indeed “in balance” and, where a lack of balance may exist or is perceived by citizens not to exist, the project explores options for redressing the balance through a combination of Privacy-Enhancing Technologies and operational approaches. Investigating at least five key sectors not yet tackled by other recent projects researching surveillance (CCTV, database mining and interconnection, on-line social network analysis, RFID & geo-location/sensor devices, financial tracking), RESPECT will also carry out quantitative and qualitative research on citizens’ awareness and attitudes to surveillance. RESPECT will produce tools that would enable policy makers to understand the socio-cultural as well as the operational and economic impact of surveillance systems. The project will also produce operational guidelines incorporating privacy by design approaches which would enable law enforcement agencies to deploy surveillance systems with lowest privacy risk possible and maximum security gain to citizens.




Enterprise- and User-oriented Strategy for Trust and Identity in Cyberspace

The formation of identity management federations has been slower than expected. Despite their potential business benefits, numerous issues have impeded their take up such as: validating the trustworthiness of the various providers, the use of appropriate business models, and legal redress and liabilities.

The objective of EUSTIC is to facilitate the creation of profitable Trust and Identity Federations as well as the joining together of existing federations on a pan-European and global basis. It will do this through the creation of a free to use Trust and Identity Federation Toolkit and Reference Library comprising: a methodology for the successful creation of profitable identity and trust federation management infrastructures, various business models, a business federation score card, a risk management methodology, a trust framework meta model with supporting tools, an open source reference implementation, model contracts and legal agreements, and support for the (partial) automatic negotiation of agreements and the construction of federations. All of this will be made readily available via the EU Joinup web site.

In order to validate the utility of the Federation Toolkit and Reference Library EUSTIC will spawn the creation of new identity management federations, as well as interconnecting existing federations from different EC countries in a new pan-European federation. This will be achieved through the EUSTIC Partner Alliance that is supporting the business development of federations through a representative coverage of use cases in multiple sectors (finance, transport, utility, housing, health, trade and services) across Europe. By the end of 2011 the Alliance already has the support of more than 60 organizations, including 15 large enterprises.