We can have ‘win-win’ on security vs. privacy, says Academy

March 26th, 2007

People think there has to be a choice between privacy and security; that increased security means more collection and processing of personal private information. However, in a challenging report to be published on Monday 26 March 2007, The Royal Academy of Engineering says that, with the right engineering solutions, we can have both increased privacy and more security. Engineers have a key role in achieving the right balance.

One of the issues that Dilemmas of Privacy and Surveillance – challenges of technological change looks at is how we can buy ordinary goods and services without having to prove who we are. For many electronic transactions, a name or identity is not needed; just assurance that we are old enough or that we have the money to pay. In short, authorisation, not identification, should be all that is required. Services for travel and shopping can be designed to maintain privacy by allowing people to buy goods and use public transport anonymously. “It should be possible to sign up for a loyalty card without having to register it to a particular individual – consumers should be able to decide what information is collected about them,” says Professor Nigel Gilbert, Chairman of the Academy working group that produced the report. “We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years’ time, knowing how many donuts we have bought?”

Another issue is that, in the future, there will be more databases holding sensitive personal information. As government moves to providing more electronic services and constructs the National Identity Register, databases will be created that hold information crucial for accessing essential services such as health care and social security. But complex databases and IT networks can suffer from mechanical failure or software bugs. Human error can lead to personal data being lost or stolen. If the system breaks down, as a result of accident or sabotage, millions could be inconvenienced or even have their lives put in danger.

The Academy’s report calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell us what the data are being used for.

“Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare,” says Professor Gilbert. “However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled.” Engineering solutions should also be devised which protect the privacy and security of data. For example: electronic personal information could be protected by methods similar to the digital rights management software used to safeguard copyrighted electronic material like music releases, limiting the threat of snooping and leaks of personal data.

The report also investigates the changes in camera surveillance – CCTV cameras can now record digital images that could be stored forever. Predicted improvements in automatic number-plate recognition, recognition of individuals’ faces and faster methods of searching images mean that it may become possible to search back in time through vast amounts of digital data to find out where people were and what they were doing. The Royal Academy of Engineering’s report calls for greater control over the proliferation of camera surveillance and for more research into how public spaces can be monitored while minimising the impact on privacy.

The public will be able to find out more about this report and have their say at a free evening event at the Science Museum’s Dana Centre in London on Tuesday 27 March.

“Engineers’ knowledge and experience can help to ‘design in privacy’ into new IT developments,” says Professor Gilbert. “But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously.” […]


And by engineers, this report had better be talking about software engineers, because it is precisely these people who are teh (yes, ‘teh’) architects of the solutions that can either enhance our lives or completely enslave us.

I am talking about Phil Zimmermann, Dr. David Chaum, Whitfield Diffie and all the other cryptographers and developers who have been working on this since the early 90’s. The software already exists to create an information ecosystem based on anonymity and authorization; the problem is that the legislators and to a certain extent the vendors are computer illiterates who have never even heard of Public Key Cryptography, let alone understand what it really means and what it can do to secure documents while keeping our information private.

Chaumian Ecash is a perfect example of this. Had it come about at the right time, we might all be using a version of PayPal that was actually cash-like, i.e., anonymous, secure and instant on a peer-to-peer basis. Instead, and for the moment, we are stuck with the reviled PayPal, which is the complete opposite of a cash-like system, that is very large, but also reviled, where there is no privacy at all.

Like I demonstrated with my system for a better passport, there are better ways to improve document security. This thinking can spread to all other areas of authentication and transacting so that we can keep our privacy and also have all the benefits of remote transacting and databases.
