Can you give users their privacy while at the same time maintaining security?

As a company that is concerned about both sides of this coin, this is a question that we often have to ask ourselves when we are building software solutions. Can the solutions we build to assist security be used to compromise a user's privacy?

Let's examine fraud prevention and other systems where it is important to be able to identify a person to ensure they are who they say they are. No-one wants their privacy invaded, but at the same time no-one wants their identity stolen either. Credit card payments are a prime example: most fraud prevention systems use a scoring method to rate the likelihood of fraud, using information such as country, previous transactions and other metrics, all of which impact privacy to a certain degree.

Let's take the example of CCTV. No-one wants to be tracked across town and have their movements monitored; it is an invasion of our privacy. However, if we are attacked we expect the police to be able to find the person who did it, using systems like CCTV. This might seem like an extreme example, but in principle it is the same as privacy online: we expect (in some cases demand) privacy, but at the same time we want to be protected, and this protection requires the very tools that impact our privacy.

I think the bigger issue isn't around privacy exactly but more around WHO has access to data about us. We don't want people we don't know or trust to have access to personal information about us, and we question what it is they are actually doing with it.

Let's take an extreme example: a national DNA database. For crime solving this could be a very useful thing; having everyone's DNA means you could quickly identify people who leave evidence at a crime scene. However, who would control this information? Who would have access to this information? How secure is this information? All of these questions and more are the ones that make this sort of database impossible to set up.

The potential for abuse is so high that the level of trust required to allow this to be set up is higher than anyone has in the organisations that would set it up and manage it.

So is it privacy that we worry about online (and elsewhere), or is it a lack of trust in the people collecting the information and what they will do with it that is the real root of the problem? Maybe a bit of both?

Until organisations can prove to us that our data is safe and won't be abused, stolen, lost or sold, people will demand the highest level of privacy possible as a way to protect themselves.