• E-mail this page
• |  Print this page
• | 
• | 
• | 

Privacy And Security--Are Both Possible?

My belief is that pretty much everyone, from law enforcement officials to anyone short of true anarchists, perhaps, wants the bad guys to be apprehended. (Even the most ardent privacy watchdogs have kids they want to protect from online predators and mothers they want to shield from phishing scams.) The disagreement is usually over how far to go to get the bad guys either before or after the fact, and how many innocent people it's permissible or understandable to drag into the middle of that effort--in other words, where to draw the line between security and privacy.

Confusing matters are the different interpretations and views of the U.S. Constitution and related national and state laws.

Reasonable people can disagree, of course, and often do. But perhaps the first place to start is with our expectations. Entire businesses exist on the premise of buying, selling, and trading information about individuals--our credit history, current financial status, how many speeding tickets we've gotten, and much more.

In other countries, it's different. Japan, Canada, and many European nations require businesses to get individuals' consent before trading their personal information, and they ban the wholesale collection of information. Citizens are allowed to see any data on record about themselves, and can correct mistakes. In many of these other countries, a privacy officer enforces compliance.

But that's only one side of it, and it would be too easy just to blame Big, Bad Business. As Americans, we're all about convenience; we want what we want when we want it. With this mindset, it's easy to see how information about us--and often from us--flies all about and sometimes spills over into dark places. How many credit cards do we really need, anyway?

In Europe, goods are usually bought with pre-paid debit cards that have embedded chips instead of the magnetic stripes that are more easily stolen by crooks. (That often happens by means of card readers attached to legitimate store and bank credit-card readers that "skim" the mag-stripe info and save it for the criminals' later use.)

When was the last time anyone asked to see our photo ID when we paid by check or credit card? (And when they did, how many eye-rolls and/or sighs of impatience accompanied that request as we fumbled through our wallets or purses for the requested ID?) How many of us really do shred our old bank statements and other important documents that contain information nobody else should see?

How many times have we given our Social Security Number to store clerks and others who have asked, when other forms of ID would have sufficed instead? In Massachusetts, for years the Registry of Motor Vehicles used a person's SSN as his or her driver's ID number, and actually printed it on the driver's license for all to see. In recent years the option has existed to request a different ID number, but I'm amazed at how many people still opted to have their SSN printed on their licenses.

It's time we take personal responsibility for and about our own information, and here I'm including everything from finance to health. We must, individually and collectively, become much more proactive about what's out "there" about us and take turns to remedy, erase, or correct the situation. It is our good name, after all.

This is a complex issue, and so it's not surprising that there are multiple--and sometimes mixed--messages and ideas. On one hand, President Bush last month signed into a law a bill that will require
all Americans to obtain machine-readable ID cards approved by the Department of Homeland Security. The law, known as the "Real ID Act of 2005," was attached to a military spending bill; enforcement starts in May 2008.

(Again, looking to other countries, a Japanese court recently ruled that a national ID system violates their citizens' right to privacy and ordered that a state government remove data it had collected on various residents.)

On the other hand, the privacy chief in the Department of Homeland Security is taking a close look at the department's use of data collected by outside businesses--the accuracy and security of that data, how it's being used, and whether individuals know it. The use of biometric passport data on some foreign nationals is also being held up--mostly because the countries involved are pushing back on providing fingerprint and iris scans of their citizens.

Also, just today the House of Representatives voted to restrict government sources from looking up individuals' library records and bookstore sales receipts. (Looking at Internet use in libraries is still fair game.)

Then, too, there are bills wending through Congress that mean to restrict the use of SSNs as identification, that would allow consumers to be notified when information about them crossed from one database to another, and that would create a national privacy officer to keep an eye on things.

Perhaps most interesting, though, was a recent government conference I attended. The number of people talking about these issues, and asking thoughtful questions of speakers and each other, was really something to see. As citizens, as government employees, as technologists, a good number of the people at this conference expressed concerns about the proper balance of power.

Fishing expeditions and the harassment of peaceful people are not in the spirit of our country, but neither is allowing innocents to be harmed by terrorists or, more likely, their family members. We're all muddling our way through this rugged terrain, and it's my hope we can keep talking to each other--and keep listening--and use the technology our industry creates to its best and noblest purposes to help solve the essential problems of our society and of the world around us.

« Peeking Behind The Screen | Main | Help Wanted: IT Pros Looking For New-Job Advice »