Technology, Security and Privacy: The Fear of Frankenstein, the Mythology of Privacy and the Lessons of King Ludd

Article excerpt

I.    PRELUDE
II.   INTRODUCTION
III.  SOME ASSUMPTIONS
IV.   FRANKEN-TECH: THE FEAR OF TECHNOLOGY
V.    THE PRIVACY NORM PROSELYTIZERS: A FETISH FOR SECRECY
VI.   PRIVACY INTERESTS AT STAKE
    A. THE CHILLING EFFECT
    B. THE SLIPPERY SLOPE
    C. ABUSE AND MISUSE
    D. JOSEPH K. AND THE SEPARATION OF SELF
VII.  THE TECHNOLOGIES
    A. TECHNOLOGIES OF IDENTIFICATION
      1. IDENTIFICATION SYSTEMS AND SECURITY
      2. PRIVACY CONCERNS
    B. TECHNOLOGIES OF DATA AGGREGATION AND ANALYSIS
      1. DATA AGGREGATION, DATA ANALYSIS, AND SECURITY
      2. PRIVACY CONCERNS
    C. TECHNOLOGIES OF COLLECTION
      1. SENSE-ENHANCING TECHNOLOGIES AND SECURITY
      2. PRIVACY CONCERNS
VIII. THE PRIVACY DIVIDE
    A. CONTROLLING THE PRIVACY DIVIDE: THE PRIVACY APPLIANCE AS METAPHOR
    B. ANONYMIZATION OF DATA
      1. ANONYMIZATION AND SECURITY
      2. DEVELOPMENT IMPERATIVES
    C. PSEUDONYMITY
      1. PSEUDONYMITY AND SECURITY
      2. DEVELOPMENT IMPERATIVE
IX.   TOWARDS A CALCULUS OF REASONABLENESS
    A. DUE PROCESS
      1. PREDICATE
      2. PRACTICAL ALTERNATIVES
      3. SEVERITY AND CONSEQUENCES OF INTRUSION
      4. ERROR CORRECTION
    B. PRIVACY AND SECURITY INFORMATION NEEDS
      1. SCOPE OF ACCESS
      2. SENSITIVITY OF DATA
      3. METHOD OF QUERY
      4. SUMMARY: SCOPE, METHOD AND SENSITIVITY
    C. THREAT ENVIRONMENT AND REASONABLENESS
X.    CONCLUSION
    A. BUILDING IN TECHNICAL CONSTRAINTS
    B. OVERRIDING PRINCIPLES
    C. IN SUM
XI.   FINALE

This article suggests that the current public debate that pits security and privacy as dichotomous rivals to be traded one for another in a zero-sum game is based on a general misunderstanding and apprehension of technology on the one hand and a mythology of privacy that conflates secrecy with autonomy on the other. Further, political strategies premised on outlawing particular technologies or techniques or seeking to constrain technology through laws alone are second-best--and ultimately futile--strategies that will result in little security and brittle privacy protection.

This article argues that civil liberties can best be protected by employing value sensitive technology development strategies in conjunction with policy implementations, not by opposing technological developments or seeking to control the use of particular technologies or techniques after the fact through law alone. Value sensitive development strategies that take privacy concerns into account during design and development can build in technical features that can enable existing legal control mechanisms and related due process procedures for the protection of civil liberties to function.

This article examines how identification, data aggregation and data analysis (including data mining), and collection technologies intersect with security and privacy interests and suggests certain technical features and strategies premised on separating knowledge of behavior from knowledge of identity based on the anonymization of data (for data sharing, matching and analysis technologies) and the pseudonymization of identity (for identification and collection technologies). Technical requirements to support such strategies include rule-based processing, selective revelation, and strong credential and audit.
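The separation of knowledge of behavior from knowledge of identity that the article proposes (pseudonymized identity, rule-based processing over behavior only, selective revelation under credential, and audit) can be sketched in code. The following is an added illustration, not code from the article; the record layout, the credential table and the "privacy appliance" class are assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed sample records (not from the article): identity and behavior are kept
# as separate sub-dicts so they can be split at the point of collection.
SAMPLE_RECORDS = [
    {"identity": {"name": "A. Person", "id": "X-1"}, "behavior": {"flights": 1}},
    {"identity": {"name": "B. Person", "id": "X-2"}, "behavior": {"flights": 7}},
    {"identity": {"name": "A. Person", "id": "X-1"}, "behavior": {"flights": 5}},
]

# Assumed credential table: only a holder of the 'reveal' credential may re-identify.
CREDENTIALS = {"analyst-1": {"query"}, "investigator-1": {"query", "reveal"}}


class PrivacyAppliance:
    """Hypothetical mediator between collected data and the analysis side."""

    def __init__(self, pseudonym_key: bytes):
        self._key = pseudonym_key   # held by the appliance only, never by analysts
        self._escrow = {}           # pseudonym -> identity; the sole re-identification path
        self.audit_log = []         # every revelation attempt, allowed or denied

    def pseudonymize(self, record):
        """Replace identity with a keyed pseudonym; behavior fields pass through."""
        ident = json.dumps(record["identity"], sort_keys=True).encode()
        pseud = hmac.new(self._key, ident, hashlib.sha256).hexdigest()[:16]
        self._escrow[pseud] = record["identity"]
        return {"pseudonym": pseud, **record["behavior"]}

    def analyze(self, pseudo_records, min_flights):
        """Rule-based query over behavior only: aggregate per pseudonym, not per name."""
        totals = {}
        for r in pseudo_records:
            totals[r["pseudonym"]] = totals.get(r["pseudonym"], 0) + r["flights"]
        return sorted(p for p, n in totals.items() if n >= min_flights)

    def reveal(self, pseudonym, requester, predicate):
        """Selective revelation: identity released only with credential and a stated predicate."""
        allowed = "reveal" in CREDENTIALS.get(requester, set()) and bool(predicate)
        self.audit_log.append({"requester": requester, "pseudonym": pseudonym,
                               "predicate": predicate, "allowed": allowed})
        if not allowed:
            raise PermissionError(f"{requester} may not re-identify {pseudonym}")
        return self._escrow[pseudonym]
```

The analysis side never sees a name, while the appliance records who asked to re-identify whom and on what predicate, whether or not the request was granted.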

I. PRELUDE

At the turn of the century technological development was occurring at a rate that dizzied the mind. These technological developments were bringing a better standard of living to all, yet the gap between the rich and poor was becoming more pronounced. The government, fearful of foreigners, enacted repressive laws and the intellectual elite suggested that the government was too powerful and that charges of treason were too easily leveled. (1)

It was during this period--the beginning of the nineteenth century--that Lady Mary Wollstonecraft Shelley wrote her novel Frankenstein (2) and the Luddite movement was born. …