ISNow – Information Privacy

The following introduction was originally published in the BCS Information Security Now Magazine, Summer 2007 issue (Volume 1, Issue 4), which was on the topic of Information Privacy:

Watching big brother
The government is your friend. If you are doing nothing wrong, you have nothing to fear. We only want to help keep you safe. Big brother knows best. If only it were that simple.

We have more CCTV cameras per capita than any other country along with automatic number plate recognition for congestion charging and alerting police to infractions.

We are building a massive centralised national ID database that will store more than is necessary for us to prove who we are, and offer little in way of consumer benefits.

Our national DNA database has records on over four million people and growing. Police can indefinitely retain the DNA data of anyone they arrest – even if they are never charged or convicted of an offence.

Not only do we fingerprint suspects and criminals, but schoolchildren, without proper guidelines, parental communications or informed consent. Before long, you will need to be fingerprinted to obtain a UK passport.

Soon there will be a mandatory regime of data retention for telephone calls, text messages, mobile location, internet access, emails and web logs. Retained data can be requested by many organisations, for a variety of reasons.

Combined with interception of communications, RFID passports, facial recognition, suspicious behaviour heuristics, satellite car tracking, personnel vetting and dubious data sharing practices you may wonder where the real benefits are and whether we are in a surveillance society.

Work life
Life at work can be ruled by policies on the use of company resources. Your activity and communications may be recorded, archived and monitored for disciplinary or compliance reasons. You leave any expectations of privacy at the door when you arrive.

Unfortunately, work cannot always be left behind when you finish for the day. Employers may respond (negatively) to something you say in your online diary or are seen doing in a picture on a photo sharing website. Recruiters may also conduct a search on you.

Personal life
It may be personal, but life is becoming less private, with profiling (of searches and purchases), sharing (of financial, insurance and health information), tracking (of journeys, transactions and communications), monitoring (of the rubbish in your bins) and enforcement (of TV licences and road tax) and much more besides.

Things can only get better?
I hope so. Hopefully, the opposing forces of security and privacy will come to a happy equilibrium, without one negating the other. More efforts need to be made on privacy enhancing technologies, breach notification and setting standards (for security, retention period, format, quality and so on) where data is kept and disclosure.”

A PDF version of the magazine is available online at:

http://www.bcs.org/upload/pdf/isnow_summer07.pdf