The theme of the just completed Privacy and Security Conference was ‘Digital Dilemmas, Digital Dreams’. It had a strong privacy flavour to it, and I found a recurring theme in many of the sessions: a need to find a balance between privacy and security is critical. We truly experience a dilemma when we make decisions that would favour one over the other.
As many have pointed out, privacy and security do not need to come at the expense of each other. For example, increased security does not need to decrease privacy protections. When this happens, things like surveillance cultures develop that are not only harmful to societies but almost impossible to disassemble once in place. Simon Davies from Privacy International pointed this out in his impassioned presentation on the ubiquitous CCTV systems in the United Kingdom: establishing the cameras in public places has already been completed, and removing them is almost unthinkable despite their ineffectiveness. Do you want to be the public official responsible for the removal of a system when the next bin Laden might walk through your town next week? Mr. Davies also points out that building license requirements and insurance companies now mandate that CCTV be installed in order for approvals to be granted to a business.
The reason that Britain has become a mass surveillance society is that when surveillance systems were being planned and implemented, security was the Holy Grail, and privacy — if considered at all — was the second priority. When 9/11 hit and new legislation was enacted, privacy concerns took a further back seat.
Fortunately, in Canada we have some fairly strong privacy controls in place. This isn’t because we have brilliant legislators or lack the ability to implement security controls. Canadian values, privacy awareness and sensitivities to privacy invasions have not been eroded by terrorism and the resulting fear-mongering that follows a terrorist attack. We bask in our privacy acts and glow with pride each time we write a Privacy Impact Assessment.
There you have it: a tidy, smug, self-assured Canadian view of privacy and security… But what if we did experience the unthinkable here — the toppling of the CN Tower or a coordinated attack on Alberta’s oil sands infrastructure (and the resulting environmental disaster)? Would the privacy culture we enjoy survive such an event? Or would invasive border controls, a national ID card and pervasive wire tapping become our norms as well?
At times it is easy to be smug and satisfied in a country that consistently wins UN awards for being the best country on earth. We pretend to not understand the American obsession with security, and are aghast when we hear of CCTV in the UK. How can these countries — our neighbours and cultural peers — allow such an erosion of privacy in the name of security?
The reality is we have not experienced the same pain, and until we do our indignant rhetoric is just that: naive statements untested by the harsh reality of unthinkable events. Keeping our balance in an uncertain future will be more difficult than we can possibly know.