ScreenDiscussion

Blogging background checking and security issues

4.12.2005

Summarizing Privacy v. Security

I want to see if I can very generally summarize everything I’ve been reading on various blogs about the privacy/security balancing act. If you read this and have another perspective or thoughts that will make this clearer, please feel free to speak up. I think it’s important to note that the perspectives that exist do not have to be mutually exclusive. It’s possible to integrate them.

Everyone agrees that regardless of the enforcement method, security is needed. No one is advocating a free-for-all society where the strong rule the weak and laws aren’t enforced. What the debate comes down to is how to increase security in our society and still maintain privacy for individuals, and there are a few different thoughts.

One of the more common perspectives is that companies should not ask for or retain personal data that is not essential to their business practices. This is just extra data that either costs money to secure or is forgotten and left unsecured. A number of companies have had this kind of data compromised. The rule for consumers should be, “If it’s not needed, don’t give it.” This thought protects the consumer’s personal information and aims to preserve anonymity.

Another thought is presented by Dennis Bailey at Open Society Paradox. He argues that a higher degree of openness in society results in a higher level of accountability for the members of society. If everyone can see what you do, the cost of doing something wrong is much higher. He also points out that anonymity is the terrorist’s friend and that zero anonymity does not necessarily mean zero privacy. It’s a stimulating idea, and I’m interested in learning more about it. As it is, however, I fear a big brother effect since there has to be someone monitoring the system and enforcing laws.

There is, of course, a common belief that all personal data held by companies should be safeguarded by the latest security technology. A hacker shouldn’t have an easy time accessing a company’s database and there should be security standards that companies have to adopt. Also along these lines, businesses should have processes in place designed to ensure that new clients are indeed legitimate businesses. There currently are laws that govern data security in different industries, but I wonder how up-to-date those laws are given the changing state of technology.

Laws provide some incentive to secure stored data, and typically where laws fall short (sometimes by design) in America, competition picks up. Companies that don’t follow good business practices, including in areas related to security, shouldn’t survive. While this might be true in the long run and for many scenarios, security issues present a problem to the model. Insecure companies may eventually go out of business, but until they do there will be a lot of people adversely affected. Since we are a democratic nation and value our individual liberties, the only way to deal with this kind of problem is with legislation that attacks it immediately.

What people disagree with is the kind of legislation that is passed. There is legislation like the Homeland Security Act, which many view as a bumbling attempt to quickly solve some of the problems, and other legislation like the Fair Credit Reporting Act, which is generally accepted as very good for individual citizens. I expect (or really hope) that the laws passed will become more refined and better at addressing the real problem of reconciling high security with individual privacy and freedom.

So what should we do?
