A balance?

The theme of the just completed Privacy and Security Conference was ‘Digital Dilemmas, Digital Dreams’.  It had a strong privacy flavour to it, and I found a recurring theme in many of the sessions: a need to find a balance between privacy and security is critical.  We truly experience a dilemma when we make decisions that would favour one over the other.

As many have pointed out, privacy and security do not need to come at the expense of each other.  For example, increased security does not need to decrease privacy protections.  When this happens, things like surveillance cultures develop that are not only harmful to societies but almost impossible to disassemble once in place.  Simon Davies from Privacy International pointed this out in his impassioned presentation on the ubiquitous CCTV systems in the United Kingdom: establishing the cameras in public places has already been completed, and removing them is almost unthinkable despite their ineffectiveness.  Do you want to be the public official responsible for the removal of a system when the next bin Laden might walk through your town next week?  Mr. Davies also points out that building license requirements and insurance companies now mandate that CCTV be installed in order for approvals to be granted to a business.

The reason that Britain has become a mass surveillance society is that when surveillance systems were being planned and implemented, security was the Holy Grail, and privacy — if considered at all — was the second priority.  When 9/11 hit and new legislation was enacted, privacy concerns took a further back seat.

Fortunately, in Canada we have some fairly strong privacy controls in place.  This isn’t because we have brilliant legislators or lack the ability to implement security controls.  Canadian values, privacy awareness and sensitivities to privacy invasions have not been eroded by terrorism and the resulting fear-mongering that follows a terrorist attack.  We bask in our privacy acts and glow with pride each time we write a Privacy Impact Assessment.

There you have it: a tidy, smug, self-assured Canadian view of privacy and security…  But what if we did experience the unthinkable here — the toppling of the CN Tower or a coordinated attack on Alberta’s oil sands infrastructure (and the resulting environmental disaster)?  Would the privacy culture we enjoy survive such an event?  Or would invasive border controls, a national ID card and pervasive wire tapping become our norms as well?

At times it is easy to be smug and satisfied in a country that consistently wins UN awards for being the best country on earth.   We pretend to not understand the American obsession with security, and are aghast when we hear of CCTV in the UK.  How can these countries — our neighbours and cultural peers — allow such an erosion of privacy in the name of security? 

The reality is we have not experienced the same pain, and until we do our indignant rhetoric is just that: naive statements untested by the harsh reality of unthinkable events.  Keeping our balance in an uncertain future will be more difficult than we can possibly know.

Mike

2 Responses to A balance?

  1. Harold Petrich says:

    Great article!

    Although I believe there is a connection between Privacy and Security (e.g. security measures to insure access to private & confidential information) I do not believe there is a balance relationship between the two. For example you can have very high security that will enable a high level privacy or a low level of security with a low level of privacy. You can have a low level of privacy with a high level of security but you can NOT have a high level of privacy with a low level of security hence “balance” does not apply! Balance is a perception of the community to obtain some comfort on security and privacy! Athough the relationship between the two are critical for each other to achieve its objectives they should be managed separately (defense in depth) but with ensured alignment.

    Harold

    Your thoughts (either way) is very much appreciated.

    Thanks,

    Harold

  2. For the most part, I agree, there are many cases where increased security does not result in reducing privacy. What what we need to be aware of is that when we want to implement a technology that DOES impacts privacy, we need to to balance that implementation with appropriate privacy controls. Video and electronic surveillance are particularly good examples of security controls that erode privacy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: