We can have ‘win-win’ on security vs. privacy

March 26, 2007

People think there has to be a choice between privacy and security; that increased security means more collection and processing of personal private information. However, in a challenging report to be published on Monday 26 March 2007, The Royal Academy of Engineering says that, with the right engineering solutions, we can have both increased privacy and more security. Engineers have a key role in achieving the right balance.

One of the issues that Dilemmas of Privacy and Surveillance – challenges of technological change looks at is how we can buy ordinary goods and services without having to prove who we are. For many electronic transactions, a name or identity is not needed; just assurance that we are old enough or that we have the money to pay. In short, authorisation, not identification should be all that is required. Services for travel and shopping can be designed to maintain privacy by allowing people to buy goods and use public transport anonymously.

"It should be possible to sign up for a loyalty card without having to register it to a particular individual – consumers should be able to decide what information is collected about them," says Professor Nigel Gilbert, Chairman of the Academy working group that produced the report. "We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years’ time, knowing how many donuts we have bought?"

Another issue is that, in the future, there will be more databases holding sensitive personal information. As government moves to providing more electronic services and constructs the National Identity Register, databases will be created that hold information crucial for accessing essential services such as health care and social security. But complex databases and IT networks can suffer from mechanical failure or software bugs. Human error can lead to personal data being lost or stolen. If the system breaks down, as a result of accident or sabotage, millions could be inconvenienced or even have their lives put in danger.

The Academy’s report calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell us what the data are being used for.

"Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare," says Professor Gilbert. "However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled." Engineering solutions should also be devised which protect the privacy and security of data. For example: electronic personal information could be protected by methods similar to the digital rights management software used to safeguard copyrighted electronic material like music releases, limiting the threat of snooping and leaks of personal data.

The report also investigates the changes in camera surveillance – CCTV cameras can now record digital images that could be stored forever. Predicted improvements in automatic number-plate recognition, recognition of individual’s faces and faster methods of searching images mean that it may become possible to search back in time through vast amounts of digital data to find out where people were and what they were doing. The Royal Academy of Engineering’s report calls for greater control over the proliferation of camera surveillance and for more research into how public spaces can be monitored while minimising the impact on privacy.

The public will be to find out more about this report and have their say at a free evening event at the Science Museum’s Dana Centre in London on Tuesday 27 March.

"Engineers’ knowledge and experience can help to ‘design in privacy’ into new IT developments," says Professor Gilbert. "But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously."

Source: University of Surrey

Explore further: Ashley Madison users in US sue cheating website over breach (Update)

Related Stories

Flickr photo data used to predict people's locations

August 12, 2015

A team of researchers with University College in England has found a way to use photo information attached to images uploaded to the sharing site Flickr to create an application that can predict where people will be at a ...

EFF and partners place Do Not Track on higher plane

August 5, 2015

Yes, you have the option of "Do Not Track" when using well-known browsers. Still, reports come in regularly of stealthy online tracking activities, where your reading histories can be exploited. An announcement this week ...

Recommended for you

Interactive tool lifts veil on the cost of nuclear energy

August 24, 2015

Despite the ever-changing landscape of energy economics, subject to the influence of new technologies and geopolitics, a new tool promises to root discussions about the cost of nuclear energy in hard evidence rather than ...

Smart home heating and cooling

August 28, 2015

Smart temperature-control devices—such as thermostats that learn and adjust to pre-programmed temperatures—are poised to increase comfort and save energy in homes.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.