Saturday, December 11, 2004

Insightful blog-post on the nature of privacy

Bruce Schneider, one of the leading thinkers on security has recently had some interesting things to say about privacy. In my experience, most IT-types usually think about privacy as being primarily a security issue: you keep information private by keeping the baddies out. But privacy is more than that. It's about giving people control over their own personal information....

Schneier on Security: The Digital Person:

"Last week, I stayed at the St. Regis hotel in Washington, DC. It was my first visit, and the management gave me a questionnaire, asking me things like my birthday, my spouse's name and birthday, my anniversary, and my favorite fruits, drinks, and sweets. The purpose was clear; the hotel wanted to be able to offer me a more personalized service the next time I visited. And it was a purpose I agreed with; I wanted more personalized service. But I was very uneasy about filling out the form.

It wasn't that the information was particularly private. I make no secret of my birthday, or anniversary, or food preferences. Much of that information is even floating around the Web somewhere. Secrecy wasn't the issue.

The issue was control. In the United States, information about a person is owned by the person who collects it, not by the person it is about. There are specific exceptions in the law, but they're few and far between. There are no broad data protection laws, as you find in the European Union. There are no Privacy Commissioners, as you find in Canada. Privacy law in the United States is largely about secrecy: if the information is not secret, there's little you can do to control its dissemination...."

If you aren't a regular reader of Schneider on Security, I highly recommend adding it to your blogroll.

1 comment: