Privacy Lessons from the Dot-Com Era (Error?)
eSecurityPlanet columnist Ray Everett-Church sees unique opportunities opening up in the Homeland Security market. But, he says, beware of the privacy issues that lurk there.
But in the headlong rush to bring these technologies to market, the designers may be making the same mistakes -- and missing the same opportunities -- that lawmakers overlooked in rushing to enact some of the laws that shaped this new market.
In the wake of the terrorist attacks of Sept. 11, 2001, Congress moved quickly to enact measures such as the USA Patriot Act, which brought sweeping changes to the ways law enforcement is allowed to gather information on American citizens. Congress also took steps to rearrange the structure of intelligence and law enforcement agencies responsible for anti-terrorism.
Over the intervening years, experts and ordinary citizens alike have grown concerned that in the rush towards security, citizens' rights to privacy may have been trampled. But while there continues to be much heated debate over the benefits and drawbacks of these new security measures, one point of consensus has emerged: many advocates agree that law makers didn't thoroughly think through the unintended consequences that some of these post 9/11 quick-fixes might conjure.
As a privacy consultant, I've heard this refrain from many clients. I call it the "we know we're juggling with chainsaws, but we'll be careful" approach. Thus, I've spent many years helping outfit people with chainsaw-proof juggling gloves.
So trust me when I tell you that if businesses have a hard time protecting consumers from excessively invasive marketing practices in the name of profit, it will be quite a challenge for law enforcement to stare terrorist threats in the eye and err on the side of civil liberties.
In observing the balance between national security and citizen privacy, many people correctly see disastrous consequences if the scale tips too far in either direction. But as predictably as spring follows winter, this challenge creates new opportunities for those entrepreneurs bold enough to see both the forest and the trees, and to build tools that can help keep the balance.
Throughout the rise of electronic commerce and the Internet Age, we have witnessed exciting new technologies come to the fore only to see that, when held up to scrutiny, they were riddled with privacy holes and security problems. Those product offerings that could be reengineered or reshaped quickly were able to survive and thrive -- Google's Gmail is a recent example -- while fundamental flaws doomed some products to the scrap heap of dot-com lore -- such as the :Cue:CAT scanner.
Companies in the Internet space learned the hard way that whenever there is a potential impact on the privacy and security of consumer information, it is absolutely vital to iron out those wrinkles as early in the development process as possible. It needs to be done before they have to send a product on the verge of release back to the drawing board.
Over the years, many of my clients have found that when they tried "baking in" privacy-sensitive design features, not only did they avoid trouble, they actually made a more robust and valuable product in the process.
Time and again I have seen the resources expended in the name of "compliance" and "risk management" turn into some of the best "research and development" money these companies ever spent. By understanding the privacy impact of their technologies and solving those problems early, those investments have been repaid many times over, both in risk avoidance and in discovery of new features and added value.