We're Watching

Why we must design privacy protections into our systems

Some degree of watchfulness is needed (i.e. surveillance) in a free society, in order to guard against criminal actions and criminal individuals and groups. Since the times of the early settlers in North America, there have been neighborhood watches and constables and private security under one name or another. There has also been an ongoing tug-of-war between the conflicting objectives of privacy and security, usually with people being willing to relinquish some degree of privacy to obtain some additional measure of security and safety.

Where institutionalized compromises to privacy have grown to extend beyond their intended bounds or purposes or have outlived their usefulness, there have been backlashes whereby the individuals affected have re-exerted their privacy rights and either put controls into place or abolished or abandoned the infringing system. The privacy interest pendulum has swung back and forth depending upon the current threats to security and the current dangers of lowered privacy.

The Role of Technology
The greatest violations of privacy in recent centuries have been those enabled by technology. As Smith states in Ben Franklin's Web Site:

"Each time when there was renewed interest in protecting privacy it was in reaction to new technology. First, in the years before 1890, came cameras, telephones, and high-speed publishing; second, around 1970, came the development of computers; and third, in the late 1990s, the coming of personal computers and the World Wide Web brought renewed interest in this subject. In each case, the rhetoric had similar sounds to it. What worried people was not so much the technology; what worried them was that it was in the hands of large and powerful organizations.

"The coming of personal computers and the Internet has changed the equation in significant ways. In this new era, individuals and small organizations have gained cyberpower that seems comparable to what large organizations can effectively manage. A solitary individual can now publish a news periodical and reach as many readers as his or her content warrants. A solitary individual now possesses the technical wherewithal to intrude into another's business, to keep information on other persons, and even to alter the content of information in the computer systems of large organizations. Individuals, like large organizations, can now snoop into the private activities of others and record them on audio or video tape."

There would be little objection to the recording of audio, video and travel information for security purposes it if weren't for the potential misuse of such recordings. In just the past few years technology has not only lowered the cost and increased the capabilities for making recordings, information technology has greatly increased the capabilities for large-scale aggregation and misuse of the recorded information in both individual and organizational hands.

A central privacy issue is the right of individuals to protect their ability to selectively reveal information about themselves, and to ensure that the use of that information does not extend beyond what their permissions have granted.

In April of 2000 Gartner, Inc. released a report titled, "Universal Surveillance vs. Personal Privacy," which concludes:

"Emerging technologies for capturing and analyzing personal information are intensifying the debate regarding where enhanced security and service start to infringe on personal privacy.

"A number of technological forces are converging to create an unprecedented ability for enterprises to collect and analyze information. The ubiquitous connectivity of the Internet, the massive amounts of available data (e.g., from supermarket checkouts and security cameras), along with improvements in pattern recognition technologies such as data mining and face recognition are all combining to create an environment where enterprises can learn more about their customers and employees than many individuals would feel comfortable sharing."

Our Roles
As creators, purveyors and users of this technology we must ask ourselves why we are producing and implementing such technology without incorporating sufficient controls to assure privacy violations are either not possible or not practical? If we don't provide the means of such control on our own, history shows that legislation will force us to do so sooner or later, and with restrictions and penalties put in place that would otherwise not need to exist.