|
Privacy and Security: Finding a Balance |
|
|
April 29, 2003
Over the past year and a half, the tug of war between privacy and security has reached a new level, and I'm not convinced that people are willing to give up their privacy in pursuit of security. Of course, I'm willing to put up with inconveniences at airports and office buildings; I'm now accustomed to removing my shoes before going through airport metal detectors, and I've had my photo taken many times before getting into elevators in office buildings. But I do have a problem with indiscriminate data gathering that invades people's privacy without really improving security.
The mass collection of personal information and subsequent mining of that
data will not solve the security problem. Instead, the government ends up with
far more information than any person or any computer can analyze. The problem
behind the 9/11 attacks was not that the government had too little information.
Rather, it had so much information that it couldn't tell what was important.
Data mining is problematic because it results in extensive watch lists of
people who share "suspicious" traits, such as an Arabic surname or a fondness
for movies about airplanes. But so many people end up on these lists that the
lists become an inefficient way of finding the bad guys. Data mining is better
for building a case after the fact than for preventing an attack. The massive
data collection measures are more effective at trampling our privacy.
Several technology developments for gathering, sorting, mining, and
distributing all kinds of information about people pose potential threats to
privacy. Here are just a few of them.
All sorts of records are now digitized. Everything from tax returns and
legal settlements to sales receipts is now in digital format, which can be
easily copied.
Databases have proliferated. Since everyone from your bank to your local dry
cleaner is storing customer information in a database, large data repositories
are inviting targets for hackers. Databases also make it easier for people to
look up information they have no business accessing.
Databases are increasingly linked. New application integration technologies
such as Web services are designed to tie databases together easily, allowing
business intelligence software to pinpoint specific information in multiple
databases.
The Internet makes collecting, sharing, and sending information easy.
Inexpensive digital cameras, particularly Webcams, let people capture images
wherever they go.
These technologies are here to stay, and their potential for both good and
evil is real. Recently, the NYPD made the right decision to destroy a database
it had created of antiwar protesters' prior political activities. But other uses
of data-gathering technologies have me concerned.
Under the USA Patriot Act, libraries and bookstores can be required to turn
over their patron records. This information used to be considered private. The
American Library Association has opposed this legislation, and some libraries
have been very public about shredding their records.
Meanwhile, the U.S. Department of Defense's Total Information Awareness
research project is looking into surveillance through mass data mining of all
sorts of public databases. And the Domestic Security Enhancement Act of 2003,
now under discussion, would expand the government's power even more, letting it
use a database to collect, analyze, and maintain DNA samples and other
identification information from suspected terrorists. It would also enable the
government to obtain information from private businesses without a subpoena.
In one camp are those who see these steps as necessary measures in the fight
against terrorism. I fall in the opposition camp of those who believe that the
security gains aren't worth the intrusion of privacy, which I consider a
fundamental freedom. Even more disturbing, most of these new restrictions are
being implemented after very little public debate.
So we're left with some difficult problems, and I don't have the answers. But
I can suggest some safeguards, such as legislated encryption of identifying data
to eliminate or minimize abuse of such data, legislated access to one's own
records to correct errors, creation of an oversight panel to put a stop to
spurious data collection, and a continuing requirement for judicial oversight
and subpoenas for the collection of private information.
| |
|
Article Source
PC Magazine |
 | |
|
|
|
 |
| "Privacy and Security: Finding a Balance" | Login/Create an Account | 0 comments |
|
| | The comments are owned by the poster. We aren't responsible for their content. |
|
|
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 0
Votes: 0
|
|
|
