We're Watching

Why we must design privacy protections into our systems


End Users
End users have two aspects of system operations to be concerned about with regard to privacy: establishing policies and procedures compliant with applicable fair information practices, and using technology and human resources to see that those policies and procedures stay in place. Disclosure should include the extent of monitoring and recording (schedules and locations), the purpose and nature of the recordings (for example, whether license plate information is captured visually or otherwise), the data retention policy, and at least a mention of the security and accountability practices in use. Destruction of data, if not automatic as part of the system design, should be witnessed and documented in a signed log entry. Similarly, the issuance of any data should be recorded in a signed log entry, whether it is released for organizational use or to local law enforcement.

Security personnel training should include education regarding privacy issues, including the use of "social engineering" to obtain information. This author once witnessed a man give a $20 bill to a security officer, stating that it had been dropped by a person who parked nearby in the parking structure. The guard then used the license plate number to look up the employee in the access control system, and invited her to come down to retrieve the $20 bill. It was simply a scam to obtain the lady's name and to get a closer look at her as she came into the lobby. The man was not an employee of the company and had no business being in the building.

Final Comment
Security is very much about trade-offs. Sometimes we accept a little less convenience for more security, and sometimes we trade a little less security for more convenience. What we do depends upon the security problems or threats that exist at the time of the decision, or upon our current perception or estimation of the risks involved. Some privacy advocates reprimand people who would trade a little privacy for more security for "selling away their rights". This author believes these statements to be a take-off on Benjamin Franklin's words, "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." Giving up "essential liberty" and giving up "a little bit of privacy" are not the same thing. First of all, the right to privacy (as discussed here) means the right to determine under what conditions and to whom personal information is released. Releasing information is not giving up that right; it is exercising that right.

Privacy involves the establishment of safeguards so that when information is released (or its collection is permitted), the information stays within the bounds intended. That's the main point of this article. When people allow us (the security practitioners) to establish the monitoring and recording of their activities, and the accumulation of their personal data, they do so trusting that the information will be used solely as intended: to provide them with increased safety and security. Let's be worthy of that trust by establishing privacy safeguards in the systems that we manufacture, install and operate.

Ray Bernard is certified as a Physical Security Professional (PSP) by ASIS International. Ray is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides high-security consulting services for public and private facilities. Ray is a technical consultant and writer who has provided pivotal direction and technical advice in the security and building automation industries for more than 17 years. This article is based upon material in Ray's upcoming book, Shifting Sands: The Convergence of Physical Security and IT. For more information about Ray Bernard and RBCS go to www.go-rbcs.com or call 949-831-6788.