I want to return to the claim that “security versus privacy is a false dichotomy” made by Dr. Ann Cavoukian in her Seven Principles (see last week’s blog). The reason: I am beginning to think that this dichotomy is alive and well and the Principle that asserts a “false dichotomy” is wrong. I want to explore this issue in the context of CCTV cameras but I think the problem I raise could apply to many Privacy Enhancing Technologies or Privacy by Design solutions, so much so, that the issue needs a fuller analysis.
In a recent speech made by Dr. Cavoukian, she noted that at the University of Toronto, Professor Kostas Plataniotis and Karl Martin have developed a privacy-enhancing approach to video surveillance cameras. Their work, as described in “Privacy Protected Surveillance Using Secure Visual Object Coding”, uses cryptographic techniques to secure a private object (a face/image), so that it may only be viewed by designated persons.
Their technique means that objects of interest (e.g. a face or body) are stored as completely separate entities from the background surveillance frame, and strongly encrypted; this in turn means that the actual image of the individual appears ghosted. If you look at Dr. Cavoukian’s presentation at http://www.ipc.on.ca/english/Resources/Presentations-and-Speeches/Presentations-and-Speeches-Summary/?id=890 (slides 38-44) you will see what I mean.
So let’s cut to the chase as it is a blog. I think the major risk to privacy relates to processing of personal data by the public sector and not by the private sector. This risk is a result of the public sector wanting to use technology to process personal data obtained for one purpose by one public authority for other purposes by different authorities. The way that this is effected is via Governments enacting legislation through Parliament in order to provide that statutory gateway. I have already demonstrated that, in the UK, this creates circumstances where the privacy protection is very weak (see the two-part Nine Principles papers on www.amberhawk.com).
Note that for the public sector, data subject consent does not make the processing of personal data lawful. However, as soon as you have that statutory gateway, there is no need to consider such consent because the processing is now required by law. This means that the Parliamentary processes that enact laws (and regulatory regime) become the important consideration; user centric designs dependent on consent are largely irrelevant.
The private sector wants to exploit its personal data assets also. However, the private sector cannot usually rely on statutory gateways to achieve this end, unless the Government enact legislation to permit this exploitation. If this law is enacted, one reverts to the situation described in the two paragraphs above. That is why Credit Reference Agencies can obtain complete Electoral Registers – no consent needed.
In summary, if you have legislation, then there is no need for consent; if you don’t have legislation, consent rears its ugly head. It follows that it is only in these latter categories that privacy by design techniques are important because they allow data subjects detailed control of their consent. It also follows that privacy by design concepts are only relevant to the private sector; for the public sector they are not particularly relevant.
A change in the law that allowed any organisation to process personal data lawfully if there was data subject consent is a possible solution, but I would be very wary of this step. The Home Office have a curious notion of consent (see blog of 14th September where individuals “freely consent” to get their “voluntary” ID Card), and parts of the NHS are still wedded to concepts such as “implied consent”.
Now back to CCTV images. If the individual does not do anything “wrong”, then there is no need for any person to see the full image – if the individual does something “wrong” then the image becomes available. Now ask yourself the question: who decides what is wrong? Well it is the law, the system of regulation and how the political process decides what is “wrong”. Because images of “right doers” are privacy protected, you can have more CCTV cameras because “wrongdoers” are the only concern; in this way the technology becomes the embodiment of the statement “if you have done nothing wrong, you have nothing to fear”.
Dr Cavoukian’s “security and privacy” Principle is, in my view, mistaken for another reason. Privacy focuses ONLY on the individual; whereas in the post 9/11 world, public sector processing has a significant component focused on the security of the state. It cannot be right therefore to say that “privacy of the individual” is in harmony with “security of the state” where wrongdoing is effectively defined by the state in circumstances where the usual democratic checks and balances are very weak.
That is why I think that the European Commission’s Directorate of “Freedom, Security and Justice” is such a fundamental error. This structure has arguably produced a situation where individual privacy has become subservient to security – but that is a subject for the future.