Privacy Matters

At the Government Technology Conference's Security Summit last week, Keynote speaker Joanne McNabb, California's chief privacy officer, asked a poignant question: why does privacy matter?

For many reasons, it turns out.

For a start, it is a law. In California, privacy is a right defended by the state's constitution. "All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy." [emphasis added]. There are nine other states in the Union which have constitutional rights to privacy.

Applying this to daily life can seem daunting given the way technology pervades society today. Citizens who pass multiple video cameras each day, or who have had their identity stolen might wonder if this right is being protected.

Which leads to another of McNabb's points: protecting privacy means keeping the trust of constituents. McNabb quoted a Gartner study which said that 46 percent of online consumers changed their behaviors due to fear of security issues. This translates to approximately 3.7 percent of the adult population.

Another reason that privacy should be important to those in office is that if ignored it can hurt people. People who have fallen victim to identity theft comprise a surprisingly high number of the population. In 2006 there were 8.4 million victims, according to a Javelin survey. Most identity theft issues are financial, costing on average $531 in out-of-pocket expenses, and an average of 25 hours to recover losses. The total cost of identity theft in the U.S. in 2006 was $49 billion.

"Beyond financial identity theft, there are rarer but very troubling kinds -- medical identity theft, for example, which has been called the information crime that can kill you," said McNabb. In this type, someone gets the personal information of a victim, such as a Social Security Number, and then receives medical care in another's name. This can "pollute" medical records with the diagnoses of other people. "So now you've got somebody else's diagnosis, somebody else's conditions in your medical file, and you don't know about it," McNabb explained. "So you're in being treated for something, and they think you are allergic to something you're not, or not allergic to something you are, and it can kill you. There's not a lot known about this yet... but it's a serious thing."

Although it can not physically kill us, the loss of democracy is also an important privacy issue. McNabb pointed out that "privacy is a necessary condition of individual autonomy and dignity" and that "our democratic form of government requires autonomous individuals who need a degree of privacy to play their various roles as citizens." Government accountability, secret ballot systems, and freedom of the press all hinge on having privacy of thought. Where most people grasp the metaphor of "Big Brother watching us," McNabb used Franz Kafka's The Trial to illustrate the downward spiral of a person's life when privacy and dignity are taken away.

Using technology can mean greater protection or greater threat to personal privacy depending on how that technology is used. For government agencies who collect and store the data on citizens, this means a "heightened responsibility to use personal information appropriately," McNabb explained. She suggested that information handling practices should be regularly re-examined "in light of new technologies and changing needs" and that it "doesn't mean just protecting personal information -- but continually reconsidering whether [it is needed] at all."

"Technology lets us collect lots of personal information, analyze it and manipulate it. But human beings must make the rules and establish the controls on using information," McNabb concluded. "Protecting privacy means protecting people."

The Security Summit was  sponsored by Citrix, Oracle, Symantec and Verizonbusiness.