Practical Privacy
Feb 1, 2007 12:00 PM, BY TIM RUGGLES
In 1999, Scott McNealy of Sun Microsystems triggered outrage with a brusque remark: “You have zero privacy anyway. Get over it.” History has since underscored his uncomfortable assertion. As Javelin Strategy reported in 2006, more than 28.5 million Americans (more than 10% of the adult population) suffered the effects of identity fraud between 2003 and 2005. Every few weeks, headlines report another mass theft of personal data. More and more frequently, individuals enter into new commercial and online relationships that collect personal information, and they consent to un-scrutinized and un-auditable privacy policies with the click of a mouse.
The rhetoric of privacy and the practices of those who promote it often conflict with the actions and needs of those on whose behalf the advocates lobby. A recent conversation with an acquaintance framed the problem well. “Look,” he said, “I value my privacy as much as anyone. But I have no problem giving an immigration or border control agency whatever information they reasonably need to satisfy themselves that I'm eligible to enter the country and that I'm not a threat.” The privacy community would likely respond in horror. To some, attitudes such as this pave the road to George Orwell's dark rendition of the “all-knowing state.”
The apparent tension between attitudes about privacy and our day-to-day willingness to exchange information for the sake of individualized treatment suggests that we have yet to agree on a practical understanding of privacy. Part of the problem is perspective. Is personal information something to be hidden, or is it something to be shared for the sake of convenience?
A close look at the language of constitutional and legislative statements on privacy suggests a common notion that individuals have a right to control private information. Combining this notion of control with recognition that information is of no value unless it is shared, practical informational privacy can be defined as individually controlled, highly discreet information sharing. If we accept this definition, then McNealy's provocation is all the more incisive. Most circumstances under which we share personal information involve an effective surrender of control. Rare are those among us who can actually account for the use of their personal information.
An effective approach to privacy recognizes that sharing information is a core aspect of any relationship, whether between individuals or between a person and an organization. The key question is not whether information will be shared in the context of a relationship; rather, we ask what information is required to achieve the objectives of the relationship, to what degree can the information remain confidential between the parties, who will have legitimate access to that information, and how will the information be secured to meet these commitments. Additionally, as with any agreement, each party should be able to audit compliance with terms. In short, privacy requires the kind of governance agreements typically associated with any critical information sharing transaction between parties.
Under this view, individuals should have as much control over the use of their personal information as they do over the money in their bank accounts. The characteristics of an infrastructure for informational privacy would include:
- simple procedures for negotiating governance agreements;
- data element-level control over what information is shared with whom;
- facilities for allowing relationship partners to access information without necessarily copying it;
- a secure, consolidated view of one's electronic relationships and their governance terms;
- an ability to view an audit trail of who accessed what information under which agreement; and
- a legal infrastructure for pursuing and sanctioning breaches of agreements.
It is important to recognize that information sharing between individuals and organizations is a two-way street. First, the individual shares certain personal information to enable the organization to tailor its response; second, the organization may share its annotations of that personal information not only with personnel responsible for delivering service, but also with the subject of the information (the client).
Identity, and the ability to prove one's identity irrefutably, is central to privacy because of the need to ensure that only authorized individuals access personal information. Unfortunately, current document-centric approaches to establishing identity are only as strong as their weakest link, which in many cases is an easily forged birth certificate. Additionally, stove-piped approaches to creating identity proliferate personal information rather than concentrating it under the control of the subject, rendering identity unmanageable. Ironically, privacy advocates often oppose large-scale deployment of biometric technologies, thereby effectively undermining a critical pillar of privacy itself.
Privacy is no longer something to be protected. It is something to be recovered. Let's get on with it. We can start by fixing our approach to identity.
Tim Ruggles is director of Computer Sciences Corp.'s Border and Immigration Solutions Center of Excellence in Washington, D.C. He has served as a police officer for St. Paul, Minn., was program manager for the world's first state-local automated fingerprinting system and worked for several private industry companies.





