The Royal Academy of Engineering has just published a report on “Dilemmas of Privacy and Surveillance – Challenges of Technological Change“. It’s worth a read. Amongst other things, it claims that that with the right engineering solutions, it’s possible to have both increased privacy and more security, and that engineers have a key role is achieving the right balance. The authors optimistically believe that there is a choice between the Big Brother world and one in which private data is kept secret and secure. The answer it seems is to exploit technology such as digital rights management and to tighten control over organizations and systems that process personal data.
The report raises interesting issues, but the recommendations are disappointing. There’s too much wishful thinking and not enough alignment with modern business reality. Yes, we should design systems to diminish failures. Yes, we should draw on engineering expertise in assessing risks. But this is not so easy when we have a business to run and a limited set of technology and specialist resources at hand. Can we have some suggestions on how to achieve this? Because it’s what every security and risk manager is already striving to do.
Some recommendations are heavy-handed: give more powers to the Information Commissioner and impose stiffer penalties. Others lack business reality: discourage organizations from seeking to identify their customers. (The press release points to concerns about shopkeepers “knowing how many donuts we have bought”.) There is even a shade of neo-Luddism in the discussion on the effectiveness of surveillance cameras. Perhaps I’m overly-critical. But I expect imaginative solutions, rather than knee-jerk problem statements, from the Engineering Community.
And I do believe that Society has much to gain from the Information Age. A progressive erosion of privacy is part and parcel of this future world. It is inevitable because of the very nature of the continual improvements in monitoring, communications and information retrieval technologies. No person or system is perfect. There will be casualties. Once data is in the public domain, it can no longer be hidden away. We have to accept these harsh realities if we wish to harness the benefits of this brave new world.