[WG-P3] [Opportunity to contribute: OECD Privacy Conference and future ITAC privacy work]
susan.landau at privacyink.org
Wed Oct 20 13:08:48 EDT 2010
On 10/20/10 12:28 PM, McDowell, Brett wrote:
> I'm probably too late, but here is a discussion paper that captures many of the points I've been wrestling with lately in trying to address privacy in a security context. This paper was written in 2009 but is the best thing I've seen so far in offering a new approach to FIPs that is informed by current anti-fraud best practices.
> And here's a candidate elevator pitch for the concept:
> "Privacy vs. security is a false choice, in fact we cannot have one without the other in a networked society. We need to continue to improve security in order to protect personal information. Increasingly, the best security measures for countering online personal information theft is conducted by means of forensic data exchange between trusted parties, a practice that ironically is under increasing scrutiny by privacy advocates who don't foresee the unintended consequences on privacy if these security information exchanges are deprecated."
I completely agree with the paragraph, but do want to point out that it
is using one meaning of security --- computer security --- while the
promptings for various collections of PII are for other reasons,
including sometimes tracking for purposes of national security. So
while I believe that reframing privacy v. security as sometimes being
security v. security is right, one has to be clear that are various
different meanings involved in using the word "security."
(And, fwiw, my new book is title, "Surveillance or Security? The Risks
Posed by New Wiretapping Technologies." So yes, I've been pushing the
"s v. s" argument for a while now, ;-). )
More information about the WG-P3