spiked-seminars: Privacy from whom?
spiked has been organising a series of seminars in the run-up to its London conference, Don't Blow IT. Norman Lewis and Neil Barrett led the discussion on privacy and data protection.
spiked organised a series of seminars in the run-up to its London conference, Don’t Blow IT. Norman Lewis and Neil Barrett led the discussion on privacy and data protection.
Norman Lewis: Consumer rights are the wrong concern
The contemporary debate about IT and privacy focuses attention on the least important area of privacy infringements, while downplaying – even calling for – the encroachment on fundamental rights and liberties by the state.
It also focuses on the least important area of the internet – namely, the internet in the realm of consumption, where IT is branded as intrusive and abusive and as something that needs to be constrained. This establishes a dynamic of regulation that impacts across the internet as a whole, and which threatens to stifle the potential of this technology in the future.
In the space of one generation, the concept of privacy has shifted from being a question of civil and political rights, to being a consumer rights issue underpinned by the principles of data protection and by the law of trading standards. This reduction of privacy rights to the level of consumer rights equates privacy with data protection – the laws of which are seldom privacy laws but information laws, protecting data before people. This view also sanctions violations of privacy by the state, because data protection laws exempt state access to this data, but also because these laws do little or nothing to limit the collection of the information in the first place.
This is why the heightened public anxiety about privacy is not matched by any campaigns or outcry against the erosion of privacy-related civil liberties by the state. The almost universal silence that greeted the passing of the Regulation of Investigatory Powers (RIP) Act, which came into force last year granting the authorities unprecedented powers to monitor electronic communications, shows how this works in reality.
The big problem is that the broader public does not see the RIP Act as an infringement of their personal liberties or rights. If anything, what the caricatured notion of privacy that is the focus of today’s concerns legitimises is increased state regulation.
The future of privacy will not be determined by the inherent nature of the internet, but by social choices about how much privacy we as a society think it is reasonable to demand.
Neil Barrett: Protect the ‘Personal Information Economy’
So much of ourselves is present now in a variety of information systems: from correspondence, through purchasing habits, to banking details; from statistics to personality; and from tastes in entertainment to click trails through websites of a dubious nature.
Given time, determination and access, the most complete profile imaginable can be constructed on any targeted individual…and given the inadequate levels of protection that surround almost every information processing device on the internet, they are potentially widely available.
Should we be worried? In some cases, yes. The most likely people, in my opinion, to try to make use of this wide collection of data is not some ‘Big Brother’ element of government, but commercial concerns seeking to take advantage of the information mined from the broad seam available.
Already we have organisations undertaking so-called ‘scraping’ exercises to collect broad sweeps of data from a variety of sources, and using this information to target services more precisely. If this was all that was being done, then there would be little to be concerned about; but there is the potential for so much more, including employee vetting, criminal profiling and a host of more intrusive options. Some government departments have tried something similar – such as the Inland Revenue – but have not been as ambitious as the private sector, nor as successful.
Our only protection against the exploitation of this information comes from the Data Protection Act, and even though recently brought up to date, there is still much that can be done further to strengthen the Act. In particular, the Act requires that companies protect information, but we know from direct experience that this is not always the case.
As well as a call for enhanced personal privacy and protection, we should therefore be pressing for ever more attention to be paid to the security of these information collections. While any one individual collection might only be small and boring, the combination of all of those things represents a potentially intrusive and potentially highly valuable collection of personal information. The ‘Personal Information Economy’ is fast becoming a reality, and we owe it to ourselves to protect it as best we can.
Dr Neil Barrett is technical director of Information Risk Management Plc, a company that specialises in testing the security of ecommerce sites.
Don’t Blow IT was a one-day conference produced by spiked, in partnership with the
Internet Society of England and GAP21 and sponsored by cScape Strategic Internet Services, held on Thursday 27 September 2001 at the Bloomberg Auditorium in London.
Privacy online: what’s the problem?, by Norman Lewis
Moving on, by Sandy Starr
Don’t Blow IT by Sandy Starr
spiked-issue: Don’t blow IT
To enquire about republishing spiked’s content, a right to reply or to request a correction, please contact the managing editor, Viv Regan.