Data Privacy versus Security versus the Elephant in the Room

posted in: Security 0 |
Reading Time: 2 minutes

As always, I read with great interest David Horrigan’s look at finding a balance between privacy and crime prevention when it comes to Automated License Plate Recognition.

I think David’s take-away quote from attorney Gail Gottehrer at the end is a great effort at finding a middle-road between “track everything in case there’s a crime”, and “never track anyone”:

“Ways to maximize the benefits of ALPR technologies and minimize the risks associated with them include limiting the types of entities that can collect and use ALPR and the purposes for which they can use the data—as well as delineating when (or if) the data can be shared, and the period of time for which the data can be kept, after which it (and all copies and ) must be destroyed,” Gottehrer added.

That sounds all well and reasonable, but it ignores one very big elephant. You can design all the rules about who can access that much data, and when it can be used, and limitations on the sharing of it, but you also have to acknowledge that, at some point, there WILL be a data breach. Whether that is by a legitimate user sharing the information incorrectly, or an outside party in and stealing it, it’s likely to happen. If we’ve learned anything from the last few years, it should be that. And, we should be including that in our discussions about where we want to fall on this continuum of versus privacy across all of society.

The balance isn’t just between being able to fight criminal activity and securing the privacy of citizens, it also has to include the reality that the data, once collected, cannot be assumed to be completely secure, and any calculations we make about which side we fall on in the debate, has to account for that. Otherwise we are just fooling ourselves.

In this case, it’s not just the risk that law enforcement will have a record of the comings and goings of any random, innocent, citizen. It’s the risk that that collection of data, if breached, could give anyone that level of detail about individuals.

Does that change the equation for you?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.