We can have ‘win-win’ on security vs. privacy

Mar 26, 2007

People think there has to be a choice between privacy and security; that increased security means more collection and processing of personal private information. However, in a challenging report to be published on Monday 26 March 2007, The Royal Academy of Engineering says that, with the right engineering solutions, we can have both increased privacy and more security. Engineers have a key role in achieving the right balance.

One of the issues that Dilemmas of Privacy and Surveillance – challenges of technological change looks at is how we can buy ordinary goods and services without having to prove who we are. For many electronic transactions, a name or identity is not needed; just assurance that we are old enough or that we have the money to pay. In short, authorisation, not identification should be all that is required. Services for travel and shopping can be designed to maintain privacy by allowing people to buy goods and use public transport anonymously.

"It should be possible to sign up for a loyalty card without having to register it to a particular individual – consumers should be able to decide what information is collected about them," says Professor Nigel Gilbert, Chairman of the Academy working group that produced the report. "We have supermarkets collecting data on our shopping habits and also offering life insurance services. What will they be able to do in 20 years’ time, knowing how many donuts we have bought?"

Another issue is that, in the future, there will be more databases holding sensitive personal information. As government moves to providing more electronic services and constructs the National Identity Register, databases will be created that hold information crucial for accessing essential services such as health care and social security. But complex databases and IT networks can suffer from mechanical failure or software bugs. Human error can lead to personal data being lost or stolen. If the system breaks down, as a result of accident or sabotage, millions could be inconvenienced or even have their lives put in danger.

The Academy’s report calls for the government to take action to prepare for such failures, making full use of engineering expertise in managing the risks posed by surveillance and data management technologies. It also calls for stricter guidelines for companies who hold personal data, requiring companies to store data securely, to notify customers if their data are lost or stolen, and to tell us what the data are being used for.

"Technologies for collecting, storing, transmitting and processing data are developing rapidly with many potential benefits, from making paying bills more convenient to providing better healthcare," says Professor Gilbert. "However, these techniques could make a significant impact on our privacy. Their development must be monitored and managed so that the effects are properly understood and controlled." Engineering solutions should also be devised which protect the privacy and security of data. For example: electronic personal information could be protected by methods similar to the digital rights management software used to safeguard copyrighted electronic material like music releases, limiting the threat of snooping and leaks of personal data.

The report also investigates the changes in camera surveillance – CCTV cameras can now record digital images that could be stored forever. Predicted improvements in automatic number-plate recognition, recognition of individual’s faces and faster methods of searching images mean that it may become possible to search back in time through vast amounts of digital data to find out where people were and what they were doing. The Royal Academy of Engineering’s report calls for greater control over the proliferation of camera surveillance and for more research into how public spaces can be monitored while minimising the impact on privacy.

The public will be to find out more about this report and have their say at a free evening event at the Science Museum’s Dana Centre in London on Tuesday 27 March.

"Engineers’ knowledge and experience can help to ‘design in privacy’ into new IT developments," says Professor Gilbert. "But first, the government and corporations must recognise that they put at risk the trust of citizens and customers if they do not treat privacy issues seriously."

Source: University of Surrey

Explore further: Fighting the next generation of cyberattacks

Related Stories

Hackers keep trying new targets in search of easy data

Apr 14, 2015

The health care sector has become the hot target for hackers in recent months, according to researchers at Symantec, a leading cybersecurity company that says it's also seeing big increases in "spear-phishing," ...

Researchers aim to safeguard privacy on social networks

Mar 31, 2015

At the end of 2014, Facebook reported 1.39 billion monthly active users. In the meantime, 500 million tweets were sent each day on Twitter. Indeed, social networks have come to dominate aspects of our lives. ...

House unveils cyber bill and signals bipartisan compromise

Mar 24, 2015

House intelligence committee leaders unveiled a bipartisan cybersecurity bill Tuesday amid signs of broad agreement on long-sought legislation that would allow private companies to share with the government details of how ...

Recommended for you

Fighting the next generation of cyberattacks

Apr 16, 2015

The next generation of cyberattacks will be more sophisticated, more difficult to detect and more capable of wreaking untold damage on the nation's computer systems.

Algorithm able to identify online trolls

Apr 14, 2015

A trio of researchers, two from Cornell the other from Stanford has developed a computer algorithm that is capable of identifying antisocial behavior as demonstrated in website comment sections. In their ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.