07 Jun 2011
As we increasingly shift our lives and business dealings to online services, citizens, businesses and governments will need to resolve the requirements of data privacy with societal concerns such as law enforcement and national security.
As Bruce Schneier has often pointed out, too often the issue is falsely presented as a direct trade-off between privacy and security. That is, when it is discussed at all and not just taken as a working assumption.
Enhancing security does not necessitate encroaching on privacy, and limiting privacy might or might not deliver improved security.
Our data shadows cast a distorted and partial image of the reality in which we inhabit. We have always cast data shadows, though the information revolution has greatly expanded the number and size of the shadows and the ability to rapidly link the information together and share it with other parties.
Depending where we live, our society places various limits and allowances on what data can or must be collected, stored and used. These rules and societal norms originated when data was stored offline. To discover and correlate this information required effort and old fashioned investigative work.
These rules and societal norms are struggling to adapt to the consequences of still rapidly developing information revolution. Whereas once data items had to be acquired, assessed, stored and integrated one at a time, now we can do it wholesale. No longer just intercept one correspondence, listen to one phone call, or check one financial transaction, but potentially all of them, matched together across a broader statistical landscape.
What we deemed appropriate when it applied only to specific citizens during the period they were under investigation along with appropriate approvals and oversight, steps over the boundary when it applies to everybody, all the time and the information is held indefinitely - just in case it might one day be needed.
The risks to citizens are not as simple as insufficient protection from someone improperly accessing their private information. Systems and processes that are legitimized as being necessary for one purpose, such as counter-terrorism, are prone to scope creep and secondary use. In combination with the inherent uncertainty of wholesale data, this creates a propensity to a Kafkaesque bureaucratic quagmire.