Privacy Lessons from the Dot-Com Era (Error?)

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  
A lot of companies are busily preparing information security products specifically designed for the unique needs of the newly emerging Homeland Security industry.

But in the headlong rush to bring these technologies to market, the designers may be making the same mistakes -- and missing the same opportunities -- that lawmakers overlooked in rushing to enact some of the laws that shaped this new market.

In the wake of the terrorist attacks of Sept. 11, 2001, Congress moved quickly to enact measures such as the USA Patriot Act, which brought sweeping changes to the ways law enforcement is allowed to gather information on American citizens. Congress also took steps to rearrange the structure of intelligence and law enforcement agencies responsible for anti-terrorism.

Over the intervening years, experts and ordinary citizens alike have grown concerned that in the rush towards security, citizens' rights to privacy may have been trampled. But while there continues to be much heated debate over the benefits and drawbacks of these new security measures, one point of consensus has emerged: many advocates agree that law makers didn't thoroughly think through the unintended consequences that some of these post 9/11 quick-fixes might conjure.

In response to those unintended consequences, law enforcement officials have said that they will redouble their efforts to ensure that, as these new powers are exercised, due deference will be given to citizens' rights.

As a privacy consultant, I've heard this refrain from many clients. I call it the "we know we're juggling with chainsaws, but we'll be careful" approach. Thus, I've spent many years helping outfit people with chainsaw-proof juggling gloves.

So trust me when I tell you that if businesses have a hard time protecting consumers from excessively invasive marketing practices in the name of profit, it will be quite a challenge for law enforcement to stare terrorist threats in the eye and err on the side of civil liberties.

In observing the balance between national security and citizen privacy, many people correctly see disastrous consequences if the scale tips too far in either direction. But as predictably as spring follows winter, this challenge creates new opportunities for those entrepreneurs bold enough to see both the forest and the trees, and to build tools that can help keep the balance.

Throughout the rise of electronic commerce and the Internet Age, we have witnessed exciting new technologies come to the fore only to see that, when held up to scrutiny, they were riddled with privacy holes and security problems. Those product offerings that could be reengineered or reshaped quickly were able to survive and thrive -- Google's Gmail is a recent example -- while fundamental flaws doomed some products to the scrap heap of dot-com lore -- such as the :Cue:CAT scanner.

Companies in the Internet space learned the hard way that whenever there is a potential impact on the privacy and security of consumer information, it is absolutely vital to iron out those wrinkles as early in the development process as possible. It needs to be done before they have to send a product on the verge of release back to the drawing board.

Over the years, many of my clients have found that when they tried "baking in" privacy-sensitive design features, not only did they avoid trouble, they actually made a more robust and valuable product in the process.

Time and again I have seen the resources expended in the name of "compliance" and "risk management" turn into some of the best "research and development" money these companies ever spent. By understanding the privacy impact of their technologies and solving those problems early, those investments have been repaid many times over, both in risk avoidance and in discovery of new features and added value.

As technology companies compete in this new market, the lesson for the burgeoning Homeland Security industry is clear: There are many opportunities for those who are prepared to do some forward thinking and bring to bear privacy considerations during the design and development of their products and services.

People of good faith and good conscience can debate the pros and cons of many things being done in the name of Homeland Security. And without a doubt, that debate is a vitally important discussion for us all to be engaged in, because the very future of American democracy may hang in the balance.

But in the meantime, we will all need to live with the realities of this new security conscious era. And we all will have a vastly easier time of it if the creators of security-enhancing technologies gave some thought along the way about how to respect the privacy of those whose security they are charged with protecting.

Today's Homeland Security entrepreneurs can, if they heed the lessons of the not-too-distant dot-com past, build products and services that meet the needs of law enforcement and citizens' rights. When privacy gets a seat around the drawing board, the innovations that arise can protect and preserve both our democracy and our economy, ensuring both prosperity and domestic tranquility.

Ray Everett-Church is a principal with ePrivacy Group, a privacy and anti-spam consultancy. He is a founder of CAUCE, an anti-spam advocacy group, and he is co-author of "Internet Privacy for Dummies."