January 1, 2003

False Dichotomy

Privacy isn't always at odds with security

by Don Tapscott

A new security system for underground parking lots relies on motion detectors feeding signals to a computer. The system's computer understands that people walking to their cars usually follow a direct route. But a rapist or car thief doesn't behave that way. A rapist lurks in one area, and a thief wanders the lot looking for the best car to steal. The computer senses these different movements and alerts security. Some security and intelligence experts suggest the parking lot principle could apply to the entire population. If every bit of data generated by our day-to-day activities were fed into a computer, powerful software could detect a terrorist's unusual behavior, for example.

This detection would be possible because we now create, to use privacy veteran Alan Westin's words, an increasingly detailed digital shadow of ourselves as we go through life's routines. Almost everything we do is noted and recorded somewhere, such as when we make phone calls, enter secure buildings, buy groceries, fill drug prescriptions, surf the Web, exchange email, rent videos, drive our GPS-equipped car, use our credit cards, and on and on. If the various databases and monitoring devices are linked together, an almost minute-by-minute record of anyone's activities can be generated in close to real time.

Before Sept. 11, 2001, many citizens didn't really appreciate how extraordinarily detailed our digital shadows had become. But the post-Sept. 11th privacy vs. security debate has made the public keenly aware of the issues at stake.

Before those horrific events, most citizens casually regarded privacy as a good idea that goes nicely hand-in-hand with a democratic society. Op-ed pieces ruminated on the threat to privacy posed by our increasingly networked society, but the debate focused less on George Orwell and more on corporate databases and greedy dot-coms — less on Big Brother and more on little brother.

Doubleclick was the top target for privacy advocates for trying to mesh disparate databases and create better-targeted and more cost-effective online ads. But other companies made similarly clumsy moves, and almost all beat a hasty retreat when put under the media spotlight.

Malice was never a forethought in the private-sector privacy fiascos of the last four or five years. Companies didn't intend to have their networks breached, and certainly they didn't want to cause distress when compiling detailed customer databases. As for the latter, there was always a seemingly plausible rationale. Everyone benefits, a company apologist would argue, if an ad campaign for lawnmowers went only to homeowners and skipped apartment block residents. This targeting spared consumers the intrusion of irrelevant advertising, and companies benefited from more cost-effective ad campaigns.

When this targeting is done with the consumer's authorization, great. It illustrates one of the best features of the digital era — enabling vendors to personalize services to huge numbers of consenting customers. By astutely exploiting information, merchants can improve the quality, appropriateness, and customization of products and services they offer.

Yet rogue businesses repeatedly violate the customers' faith. They sell or rent the information they legitimately gather to third parties without our approval. The market for such information is insatiable. Companies want to know as much as possible about our past and current actions because it provides solid insight into our future behavior.

To further complicate the issue, each of us has a different (often inconsistent) sense of what constitutes invasions of privacy vs. permissible encroachments. While some demand the right to remain anonymous, others clamor, for example, to exchange every detail of their online behavior for free gift certificates or air miles. Of course, that's their choice. Privacy is all about the freedom to choose.

Whether we want to put such a system in place is a profoundly important debate for our society. Even if it forestalled terrorist attacks, would we want to live in a society where every citizen's activity is monitored around the clock? The easy answer is no. But life in the real world is more complicated. Technology's temptations arise daily. It's so simple to open files and create databases; most of us forget the big picture and think it's the safest and smartest thing to do.

Rate This Article Rating: 1 (best) 2 3 4 5 (worst) Comments: Optional e-mail address:

We don't need to trade off privacy to have security. They are two sides of the same coin, and we need both for a just society. It's possible, for example, to create a building security system that requires a fingerprint or retinal scan before authorized personnel can enter. But it's not necessary for the system to maintain a minute-by-minute record in a central database of who's going in. Keeping track of who enters is a different issue than securing the building. We shouldn't confuse the two.

Businesses face burning questions regarding how they'll treat information about customers and others, and executives must give the privacy issue the respect it deserves. The public's tolerance for corporate error in this arena has evaporated.

Don Tapscott [dtapscott@digital4sight.com] cofounded Digital 4Sight (www.digital4sight.com) and is coauthor of Digital Capital (Harvard Business School Press, 2000).

• Privacy
• Your California Privacy Rights
• Copyright © 2008 United Business Media LLC