Contact

Security Versus Privacy


February 12th, 2010 at 1:51 am

CEOs occasionally say things they wish they could take back. Eric Schmidt of Google must have felt that way after causing a firestorm in early December when his comments about privacy came to light. When asked by reporter Maria Bartiromo of CNBC if users should be trusting Google with increasing amounts of personal data he responded, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
That’s fine advice coming from your grandmother but not from someone who may control vast amounts of private information. Security expert Bruce Schneier wrote in a 2006 essay about the inherent right to privacy. Without it, he said, “we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us.”
The current threats to our privacy are very real. Our purchases, movements, phone calls clicks, and location increasingly are documented each second of each day. If that data is used and destroyed, fine, but as storage prices plunge, it hangs around for the value it may offer banks, marketers, phone companies, the police…practically anyone. How many of us would survive having every action or offhand remark we’d ever made scrutinized? Consider that for a second and you get a feel for how life is lived in societies where privacy does not exist.
The dilemmas for individuals, governments and corporations are many, as Schmidt is now learning. In the US, privacy rights are not as controlled or explicit as in the EU. Banks, in particular, have been very successful at getting Congress to stay at arms length in defining privacy rules. This allows them to share your personal financial data with departments and partners who may use it for marketing purposes.
As consumers we’ve also been complicit in the slow loss of privacy. Both in the financial sphere, and now in the personal sphere, thanks to social media sites such as Facebook, individuals have been willing to part with personal information in return for value received. But we may be paying too high a price. Interestingly, while I was conceiving this post, a colleague—a web-savvy guy who runs a blog agency—wrote to say he was curtailing his Facebook usage due to privacy concerns.

privacyversussecurity-240In the diagram the political argument roughly takes place within the oval. The left claims that security efforts imperil privacy; the right claims privacy protections imperil security.
What’s at stake in our privacy battles? Is it a tradeoff between security and privacy, as the US government positioned it during debates of the Patriot Act? Or privacy and convenience, as the banks would have it?
And, how would we synthesize a solution in which we achieve both aims? Schneier wrote in 2006 that security versus privacy is a false choice and “the real choice is liberty versus control.”
Ideally, sensible privacy protection is combined with adequate convenience for commerce.”

privacyversusconvenience-240No matter what the cause, a society with no privacy is in a state of tyranny. Imagine this scenario: One day you wake up to discover the government has been investigating your background, going back several years, with no cause. They’ve talked to people you know, examined your transactions, and tracked your movements. You’d be justifiably upset. But this is precisely what the Googles, Facebooks, banks and telcos of the world are already doing. We should not make it sound more ominous than it is but also we should be free from oversight by Google or Facebook or anyone else, just as we should be free from government control. The principle is that privacy is important, whether we have something to hide or not.

What do you say? Is the issue Privacy versus security? Privacy versus convenience? And, how might we model this question so that better options become available to us? I’ll explore the implications of this dilemma for public trust, and for corporate strategy, in the next post.