We're Watching

Why we must design privacy protections into our systems

Lawyers are already paying close attention. For example, prominent attorney Senator John Edwards of North Carolina called for a bipartisan commission to examine how surveillance technologies affect privacy. In a related press release announcement Edwards said that since September 11 the F.B.I. and local police departments "have increased experimentation with video and Internet surveillance, X-ray screening, facial identification and other investigative tools.'' One example he cited was a telephone-booth-sized X-ray scanner at Orlando International Airport in Florida that was "the equivalent of an electronic strip search, revealing the naked body along with any concealed weapons.'' Edwards pointed out that a simple programming change could scramble images of body parts but still reveal concealed weapons. The Tech Law Journal made note of the press release that day, in a daily email alert and in a permanent posting on its web site.

When a lawyer can be one of the first people to point out a simple privacy-respecting design solution, it is obvious that we're simply not giving privacy issues the attention that our customers (and their customers) deserve. It's time for us to become part of the solution, rather than remaining part of the problem.

Security Monitoring "Consumers"
Most privacy legislation falls under the heading of "consumer protection," designed to protect the rights of customers.

What's different about the security industry is that the privacy rights of its customers-the purchasers and operators of security systems-are not the rights that are in jeopardy. It is the security customers' employees, tenants, or customers whose privacy rights are at issue. Especially with regard to access control, they are the largest body of consumers of the security services provided by our systems.

A primary reason people tolerate monitoring is the assertion put forth by the Security Industry Association's President, Richard Chase, who issued a statement titled, "Redefining the Public Safety v. Privacy Debate." Chase said the main point about surveillance technology is, "It is designed to watch out for you ... not to watch you." Certainly that applies to the majority of subjects recorded by monitoring systems. For example, we know that ATM cameras make our transactions safer by deterring robbers.

People also tolerate monitoring when it is being performed for the protection of physical or electronic assets critical to their organization's operation. Regarding information systems, Gartner estimates that 70 percent of security incidents involve insiders, and the FBI reports that 70 percent of security incidents are internal. Ultimately protecting against such incidents benefits the larger community of security consumers.

Complaints arise from security consumers when monitoring practices violate the Fair Information Practices, introduced into U.S. law by The Privacy Act of 1974 , and further defined by the Organisation for Economic Cooperation and Development (OECD) in 1980 in its guidelines governing "the protection of privacy and transborder flows of personal data."

  • Openness and transparency: There should be no secret record keeping. This includes both the publication of the existence of such collections, as well as their contents.
  • Individual participation: The subject of a record should be able to see and correct the record.
  • Purpose Specification: The purposes for which personal data are collected should be specified.
  • Collection limitation: Data collection should be proportional and not excessive compared to the purpose of the collection, and should include the consent of the individual.
  • Data quality: Data should be relevant to the purposes for which they are collected and should be kept up to date.
  • Use limitation: Data should only be used for their specific purpose by authorized personnel.
  • Reasonable security: Adequate security safeguards should be put in place, according to the sensitivity of the data collected.
  • Accountability: Record keepers must be accountable for compliance with the other principles.

These principles were codified into U.S. law 30 years ago, a time that predates the general use of computers, networks and information technology in security systems. Since that time there has been an increasing adoption of information technology in security systems, without a corresponding adoption of security principles in system design and deployment.

There has been a corresponding increase in privacy concerns by individuals, however. This was evidenced by the results of two Google searches on November 3, 2004:

Topic             Number of Pages Found  Exact Search Term
----------------  ---------------------  -----------------
RFID              2,850,000              RFID
RFID and Privacy  1,240,000              +RFID +privacy

43.5% of the Web's pages about RFID technology contain discussions or references to privacy concerns.