[WG-P3] [Opportunity to contribute: OECD Privacy Conference and future ITAC privacy work]

[Susan Landau]

  On 10/20/10 12:28 PM, McDowell, Brett wrote:
> I'm probably too late, but here is a discussion paper that captures many of the points I've been wrestling with lately in trying to address privacy in a security context.  This paper was written in 2009 but is the best thing I've seen so far in offering a new approach to FIPs that is informed by current anti-fraud best practices.
>
> And here's a candidate elevator pitch for the concept:
>
> "Privacy vs. security is a false choice, in fact we cannot have one without the other in a networked society.   We need to continue to improve security in order to protect personal information.  Increasingly, the best security measures for countering online personal information theft is conducted by means of forensic data exchange between trusted parties, a practice that ironically is under increasing scrutiny by privacy advocates who don't foresee the unintended consequences on privacy if these security information exchanges are deprecated."
>
I completely agree with the paragraph, but do want to point out that it 
is using one meaning of security --- computer security --- while the 
promptings for various collections of PII are for other reasons, 
including sometimes tracking for purposes of national security.   So 
while I believe that reframing privacy v. security as sometimes being 
security v. security is right, one has to be clear that are various 
different meanings involved in using the word "security."

(And, fwiw, my new book is title, "Surveillance or Security?  The Risks 
Posed by New Wiretapping Technologies."  So yes, I've been pushing the 
"s v. s" argument for a while now, ;-). )

Susan