Privacy and security influence of ICT

This summary paper gives an overview about the concepts of privacy and security. Furthermore it sketches out the linkage of booth topics and discusses the role and influence of ICT. Under the point of view of ideology it analyzes possible threads of misuse of privacy and security from the ICT industry due commercial reasons.

Introduction

Privacy, security and ideology are all very complex topics which have a lot of facets. In the literature there exist a lot of definitions that are formulated from different viewpoints and with different aims. The sources or motivations for this definitions ranges from technical to philosophical and some of them are very old but still valid for our times. These circumstances were also an artefact that each human being has his very own definition of these topics. Most of the people are not able to give a clear definition of these three concepts and have difficulties to clearly separate them. Therefore it's important that for the discussion in this paper a clear definition of privacy, security and ideology is given.

Definition of the concept of privacy

This concept is the most difficult of the three to define. There exist a lot of definitions and the oldest ones dates back to the time of the ancient Greek philosophy. One of the most common terms used today was defined from Warren and Brandeis in 1890. They said that privacy is the "right to be let alone." [1]

Some people interpret privacy as absolute right or human right and others as relative right. An absolute right means that no further justification is needed. In contrast a relative right is based on other rights and therefore it has to be justified by law or ethics

Definition of the concept of security

In comparison with privacy, the concept of security is relatively easy to define. First of all security is one of the basic needs of each human being. A very representative source that can be found in literature is the Maslow pyramid of hierarchy of needs [2]. He stated that each human being has five basic needs that have to be fulfilled in a hierarchical way from the bottom to the top. Security belongs to the second layer and therefore the fulfillment of this need is the basic to achieve the next level of "Love/belonging". Of course the perception of security is different for each person. Young people that are fit have not such a big need for security respectively they tend to evaluate the need easier as fulfilled than a family father with two kids.

Definition of the concept of ideology

An ideology is like a common language [4] used from a group of people to achieve a common goal. Or according to Wikipedia: "An ideology is a set of aims and ideas that directs one's goals, expectations, and actions." [3]

Privacy - an necessary but endangered good

Privacy is a necessary prerequisite for a healthy development of an individual person [4] and therefore also for a healthy society. So it's not astonishing that privacy is one of the fundaments of every democracy. As history shows almost all totalitarian regimes had and have the tendency to restrict the privacy of the people, political parties and other institutions.

Privacy and security - a contradiction?

Each traveler who has ever flown with an airplane knows the pain of the security check. A long queue, every passenger is impatient to get trough and due the always changing security rules you are never sure if you pass. From a privacy point of view this procedure is a clear violence of your privacy. You have to let x-ray your suitcase with your personal things inside, put off your belt and sometimes even your shoes, and you have to finish your coke or put it away, because liquids are not allowed.

But why nobody is really protesting against this privacy violating procedure? Because, from a security point of view, everybody understands the necessity of the very strict security control procedure and therefore the decreased level of privacy for each traveler instantly increases the level of security for all flight and this is in the interest of all travelers.

But can we conclude from this example that a decrease of privacy always increases security? No, we can't generalize that. In the security check example the decrease of privacy can be justified with the common interest of all passengers of traveling save with an airplane. Therefore this common interest out-weights the need for privacy of each individual passenger. And furthermore the intervention in the privacy area of the passengers is comparatively. But how our evaluation of the situation will change when the security personnel is not only x-raying your notebook, but take a copy of the whole hard disk? Can this action also be justified with security reasons? I don't think so. Or at least it can't be justified with the security of the flight only. It's time to look a little bit deeper into the linkage of privacy and security and the reasons for restraints of privacy.

The linkage of privacy and security - reasons for restraints

At this example we can see that security and privacy are two heavily linked topics that can influence each other positive, but also negative. According to the pyramid of needs from Maslow security is a precondition of privacy. But this does not mean that an intervention in the privacy of a person or institution can be always an only justified with a matter of security.

Of course there are existing (security) reasons that justify an intervention in the privacy area of a person or institution. Here are some examples:

  • Crime: Prevention of crime or helping in an investigation.
  • Helping a person who has a mental disease.
  • When the benefit of the violation of privacy is in the aim of a large number of people and therefore justified.

But sometimes it's very difficult for the people to see if a violation of privacy taken by a governmental institution is really justified by the reasons they say. A good example is Guantánamo. After 9/11 the US government initialized a lot of actions that violated and is still violating the privacy of many people and institution. Of course Guantánamo is one of the most extreme examples. But as we know today some of the prisoners are completely innocent. But maybe the existence of this prison prevented the world of many terrorist attacks and therefore it's acceptable that some prisoners are innocent (justified be the common interest to prevent the world from more terrorist attacks)? This is a very difficult, complex and philosophical question and cannot be discussed in detail in this paper. But the question leads us to another important topic that is heavily linked with privacy and security - trust.

Trust - a prerequisite to find a balance between security and privacy

To come back to the airport example: Nowadays a biometric passport is needed to travel to the United States of America. Basically this is not a problem because it not violates the privacy rights per se and the USA created this law to increase their national and also the international security. Another example is the currently emerged discussion about the planned introduction of the body scanners. Also here a lot of private data (mainly about the body) were generated. But what exactly happens with the personal data of the registered people? They don't really know. They can only trust in their governmental institutions which give them their passports and collect therefore their personal data that they don't abuse and misuse their data for other purposes as they stated they want to. The only choice the people have is not to travel to the USA anymore or to trust that their personal data is not misused. They will never have a real control. It's the same with the Guantánamo example. Is it really true which prisoners are guilty and which ones are innocent? We have to trust the authorities. At least the international media has taken over some sort of international guardian function.

The impact of ICT on privacy and security

As we have seen at the beginning of this paper the topic of privacy and security are discussed since a long time. From a philosophical point of view nothing changed in the last 20 year. But from a technical point of view privacy and security has only to do with the handling and therefore control, processing and storage of digital data. [4]

Due the development of new technologies in this area the possibility of collect, store and analyze data increased very much. This new abilities can be used for many good things but on the other hand the potential thread for abuse of personal data increased also heavily. This is the reason that the public discussion about privacy and security gained more importance and media interest during the last years.

Privacy and security - all about the handling of digital data

In the last 20 years, due the introduction of ICT on a broad scale, the most personal data was digitalized. And furthermore the different databases of governments and other institutions where connected. The technology provides high efficient software to compare and link a huge amount of data within a very short time. What exactly the technological abilities of the governments, intelligence agencies and the criminals are we don't know exactly. But this thread for the people and institutions also leaded to the need for protection from theft or abuse of personal data and therefore a new market of privacy-enhancing technologies (PET) emerged. But what exactly are privacy-enhancing technologies (PET)?

Privacy-enhancing technologies (PET)

PETs are a set of ICT applications and architectural concepts that when they are build-in in the online services (e.g. webshop, webbrowser) should grant a maximum of transparency, control and security for the private data of the customer and therefore should protect his privacy [8]. This technology allows that an internet user can easily erase all his personal data after surfing in the internet. Therefore this technology gives him the possibility to surfing in the internet without leaving any trace behind on the computer. This improves not only the privacy level but also the security level, because the user can also disable the automatic fill in of passwords and other credentials that are generated or used during surfing.

Organizational concepts for regulating the handling of private data

The ICT industry has not only taken technological measures that are implemented in their products and services but they have also created policies and principles. One of the main drivers for doing this was the big know how difference between the vendors of this products and the users. Technically it would be very easy for Google to submit and store each search string a user entered to a central database. Also to get knowledge of the identity of the user would be no problem in the most cases. So the industry gives themselves some rules to protect the users (customers) and to gain the trust of them in their products and the whole industry. Here are some examples for guidelines:

  • OECD Privacy Principles [5]: Defines eight basic rules for processing of private data. These rules apply for the public as well as the private sector.
  • IEEE Code of Ethics [6]: Defines then rules for the behavior of IT professionals to assure that they don't abuse their knowledge and behave in an ethical correct way.
  • "OECD Privacy Statement Generator" [7]: The main part is a questioner for providers of commercial web pages. The questions are all about how the provider handles and processes the private data that are required from the customer to making the transaction. As best practice serves the "OECD Privacy Principles" [5]. The output of the questioner is a privacy statement that the provider can publish on his webpage. And of course the statement shows in which areas the provider can improve himself. The benefit for the customer is a transparent overview what the provider does with his private data and that the provider is aware off. This builds trust on the customer's side. The findings of a lot of internet research was that the customers don't switch from a traditional transaction model for doing business to an electronic one, not because they have not the skills or the technical infrastructure, but because they are concerned about the privacy and security of their personal data. The OECD statement should help to build trust on the customer side and therefore stimulate the electronic business.

Of course today each provider of ICT software has recognized the importance of the careful handling of personal data. None of these firms will come in the news because their product makes it easy for hackers to access the customer's private data. This will quickly lead to a bad image for the product and therefore for the company behind. So they take this topic very serious and each bigger company has developed their own privacy statement. The industry also recognized the benefit of building software that grant a maximum of privacy, because this leads not only to higher development costs, but more and more to a differentiation factor for selling their product because it meets a need of the customers. And this fact leads us direct to the next topic of this summary paper where we look at some threats for possible misuse of privacy and security as marketing instrument with the purpose to hide the real economic interests of the ICT industry.

Privacy and Security - A marketing concept of the ICT Industry?

As it was described earlier in this summary paper it's a common view that privacy and security is seen as absolute right. Therefore from an ethical point of view it's difficult to make business in this area. This is not only a problem for the ICT industry. Imagine an assurance company. Their business model is to give people or institutions financial security in the case something bad (e.g. a flood of the machine hall or a road accident) happens to them. Is this ethical? Most people would answer with a yes, and therefore we can conclude that the society has accepted this business model as ethical. But what happens when the assurance companies would make advertisements were you see people who get invalid or killed after a road accident to sell more assurance polices? The answer would be obviously no. As we can see in this example it's not mainly a problem of the business model but especially how you communicate this message to your customers. Or in other words it's a question of the language. And at this point the concept of ideology comes in.

Ideology was described for this summary paper as common language, idea or aim to achieve a common goal [3], [4]. In a language the usage of metaphors are a very powerful instrument. Therefore it may be no coincidence that the industry uses the word "virus" for a computer program which only purpose is to generate damage on the user's PC or "pirate" for a person who is illegally downloading software or content like music or films [4]. "Virus" implies something bad for me and I have immediately the need and therefore the willingness to pay for software products that protects me from computer-viruses. From an ethical point of view this metaphor is not so critical. Normally a computer-virus is really dangerous for your PC and he was created by a human begin who had a bad intention. Therefore, the virus protection software, a vendor offers me, is a relatively cheap solution for this problem. The metaphor "pirate" is more problematic from an ethical point of view. First a pirate is a synonym for a very bad person (and not a thing like a virus) who robs and kills other people. A software-pirate is normally not a person who harms other people. He "only" harms the software or entertainment industry. Of course this is not a justification for the illegally downloading of software. But maybe a more accurate expression for this group of people will be "cyber-theft" or "intellectual property theft".

I mentioned these examples to show how ideology (seen as common language, idea or aim [3], [4]) can be misused to achieve commercial goals of a company/industry.

Another interesting question is when privacy and security is an absolute human right (or a basic need) why I have to pay for ICT products and services to maintain or achieve an acceptable level of privacy and security? Of course also in other industries I can spend money for security. Just think about a person protection company or a company who sells door locks. But it can be really justified that the ICT industry created and is still creating a really big market for ICT security products? I think this is an ethical question. The "things" (viruses, hacker attacks, ...) this ICT security products and services protects you from are created by humans with a bad intention. Look for example what huge amount of money every state is spending for their military forces and infrastructure. The consumers of ICT privacy and security software have to find out what they really need and what their options are. The key for doing this is education. This also prevents companies to misuse ideology to create markets for "generated" needs in this area or even worse to abuse your personal data because of a lack of expertise from the internet users how to behave with personal data.

Furthermore is in the interest of the buyers and providers of ICT products and services that the providers handle the personal data with care, don't abuse it and protect them from un-allowed access. Over time this will create trust and this leads to higher consumption of ICT services and products from the customers side.

Summary / conclusion

This article sketches out how closely linked the topics of security and privacy are. I personally belief that booth are absolute (human) rights. That means you cannot use the one to automatically justify the other. In history we can see a lot of bad examples where totalitarian regimes observe their citizens and collect a lot of very private data of them and justifies these actions with "national security". Security is an important good for everyone and therefore also for the state but it cannot be used as camouflage for massive violations of the privacy rights of the people. Security is the basis for privacy, but also vice versa.

The emergence of ICT changed nothing at the ethical discussion of privacy and security but it has heavily increased the potential for the abuse or misuse of private date. Private data is the core for privacy and security from a technical point of view.

I also stated how the terms of privacy and security can be misused by the ICT industry to create new needs that are not in the interest of the consumers. But this threat does not mean that there is no justified need for ICT security products and services. Furthermore the ICT security market represents already a very big and worldwide market with a lot of very high developed and useful products.

The consumer can best protect himself against some tendencies of abuse from the ICT industry trough education. I think this tendency in the ICT industry is not higher and lower than in other industries. Black sheep's you can find in every industry. Moreover the OECD and the IEEE has created powerful and effective guidelines for the industry to fight against these tendencies.

Most companies had recognized that if they behave in an ethical way the customers will gain more trust in ICT products and services and that will lead to a higher consumption. Especially in e-Commerce and e-Government there is still a big unused potential of customers. To open it up is in the same interest of people, societies, companies and the governmental institutions.

Let me conlude this summary paper with on a first sight (only) funny picture. But it points out very clear the linkage between privacy and security. Often in (business) live we consider just one factor. The linkage between privacy and security can be very simple like in this caricature but it can also be very complex. ICT didn't change the nature of privacy and security at all, but leaded to a heavy increase in the complexity of handling in our daily lives.

References

  1. Warren and Brandeis. "The Right to Privacy". Harvard Law Review, Vol. IV December 15, 1890 No. 5 URL: http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/ Privacy_brand_warr2.html
  2. Abraham Maslow. "A Theory of Human Motivation". Originally published in 1943 URL: http://en.wikipedia.org/wiki/Maslow%27s_hierarchy_of_needs
  3. Wikipedia. Article about ideology URL: http://en.wikipedia.org/wiki/Ideology
  4. Bernd Carsten Stahl. "Privacy and Security as Ideology". IEEE technology and society magazine, spring 2007 URL:http://www.ieeessit.org/technology_and_society/free_sample_article.asp?ArticleID=13
  5. "OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data". September 1980 URL:http://www.oecd.org/document/18/0,3343,en_2649_34255_1815186_1_1_1_1,00.html A short version can be found here: http://www.mccarthy.ca/pubs/share2.htm
  6. "IEEE Code of Ethics, February 2006" URL: http://www.ieee.org/portal/pages/iportals/aboutus/ethics/code.html¨
  7. "OECD Privacy Statement Generator" URL:http://www.oecd.org/document/39/0,3343,en_2649_34255_28863271_1_1_1_1,00.html¨
  8. Wikipedia. Article about "Privacy-enhancing Technologies (PETs)" URL: http://en.wikipedia.org/wiki/Privacy_enhancing_technologies
  9. Firefox privacy settings URL: http://www.browserfirefox.com/images/clear-private-data.gif¨
  10. "Firefox Privacy Statement" on their official Website. URL: http://www.browserfirefox.com/privacy-statement.php
  11. Caricature about Privacy and Security URL:http://potassium.1338.at/upload/pictures/security_vs_privacy_27.02.2008_small.jpg

Abbreviations

  • ICT: Information and communication technology

Please be aware that the free essay that you were just reading was not written by us. This essay, and all of the others available to view on the website, were provided to us by students in exchange for services that we offer. This relationship helps our students to get an even better deal while also contributing to the biggest free essay resource in the UK!