Sunday, October 14, 2007

Security or Transparency; different views of privacy

When it comes to dealing with private information, there tend to be two paradigms that I hear espoused most frequently: secrecy and transparency. Those who favor the secrecy paradigm believe that information needs to remain hidden from others. People who subscribe to this paradigm tend to be those whom we would usually consider privacy advocates. From this point of view come most of the writings that you find on the topic of privacy. Implicit in most discussions of the secrecy view of privacy is that information needs to be kept secret from all other parties.

It is easy to see how to support this view; people point to the tracking information used by government databases, marketing lists and nosey neighbors as evidence of the need for privacy. Stories such as how the Nazis used public records to track Jews are often used to show the dangers in government consolidation of private information. What is less clear is how the transparency paradigm works.

On the other side of this discussion is the idea that transparency may be the best way to deal with security. This is an interesting model since it relies on two things: acquiescence to power and belief in benevolent (or controllable) leadership. In this case the idea is that certain pieces of data need to be inspected as part of contractual obligations, legal mandates or national interests. In such situations, it isn’t that the information needs to be protected from all viewers, but that the dissemination or use of that data beyond defined limits should be banned or protected through civil litigation.

Some examples of these two views in action are Amazon.com and British Petroleum. Amazon.com has a large set of (sometimes onerous) remote access and data protection measures that are intended to protect the integrity of Amazon.com’s intellectual property. Like many high-tech companies, Amazon is concerned that anyone might access its data inappropriately and thus has erected major hurdles to accessing this information (hurdles that exist for those who legitimately want to access it as well).

On the other side of this discussion is British Petroleum. BP has decided to take some of its critical systems (like email) and have them hosted by third parties (making them far easier to access from a governmental and legal discovery aspect). BP makes a compelling argument that any of these resources could be “discovered” through governmental powers or legal subpoenas, so spending money and resources to “hide” these assets is not very valuable. In their mind, the money it would take to implement such functions is not worth spending.

Clearly other organizations take a different view. What is interesting is that this view is a bit like other models we see. From the CEO of Sun Microsystems saying “Privacy is dead, get over it” to the explosion of social networking sites like MySpace, Orkut, Friendster and Facebook, it does appear that people feel OK giving more of their personal information than would have been discoverable through general detective work online.

When might this matter? This week it was discovered that the NSA sought to set up warrantless wiretapping of Americans. This isn’t much of a revelation since the White House stated that this was done in response to the 9/11 attacks. For better or worse, most Americans accepted this as a trade-off of liberty for temporary security, but it now appears that this program was started before 9/11. This is a big shift from what we’ve heard before. Under the secrecy paradigm, this would be quite concerning. Effort would be spent investigating and trying to change laws to roll back this system. On the other hand, if the transparency (or disclosure) paradigm were the idea from the start, there would be no issue, worry or cost to such an action.

Some people might point out that the “transparency” view is really just a pretty package around the loss of privacy. I would point out that there are important distinctions that are part of this view, though. All information is not public; it is simply managed differently. Liability would apply to its abuse, while the efficient transfer of this information could facilitate the efficient adjudication of issues and protection of citizens. At the root of this view is the belief in differentiating what you want to hide and the benevolence of those that hold this information. Ultimately it’s a matter of trust and accountability. Secrecy has always been about trust; the transparency paradigm shifts the thinking around trust from a “me against the world” to an “us against the others”. Different organizations (and people) are choosing to act on each of these philosophies. Time will tell us which works best for society.
