Security vs Privacy

PrivacyAs soon as planes plunged through buildings in New York and Washington D.C., we all — no matter what our government’s allegiance to the US — knew that things would never be the same.

Rhetoric about stamping out terrorism has reached every aspect of business and life — including technology. Bill Clinton’s recent comments in Adelaide (to say nothing of the reams of legislation signed by the Bush Administration) are prophetic warnings about terrorists moving plans, resources and funds across the world with ease using technologies such as the Internet.

Groups in long-standing battles against what they see as the erosion of civil liberties now face enormous opposition as concerns about privacy are moved off the global technological agenda in favour of the War on Terrorism, and examples from the repositioned world of e-lawmaking abound.

As reported on the Electronic Privacy Information Centre website, the US Senate has ‘called for a global ‘new regime’ in the area of encryption which would grant law enforcement access to private keys.’ US Congress recently pledged AUD$1.58b in grants research groups to protect the nation’s computers against hackers.

The recent anti-terrorist USA Patriot Act of 2001 includes provision for the expansion of electronic crime investigation, broad wiretapping authority (of voice and data), emergency disclosure of electronic communications (to protect ‘life and limb’) and search warrants for electronic evidence — measures many groups see as Orwellian.

And with the Howard government committed to the Bush Administration’s coalition against terrorism, similar measures and legislation continues to see the light of day in Australia — such as the October 2001 Cybercrime Act — and are attracting vocal critics.

Electronic Frontiers Australia, dedicated to electronic civil liberty, says in a statement on its website ‘We note with concern that, in reaction to the attacks, proposals are being put forward in the USA to abandon traditional constitutional rights and grant sweeping new surveillance powers to law enforcement authorities.’

So is there a balance? Can we protect ourselves against terrorism and still maintain our electronic privacy? Consensus from industry and government seems to be that we can, and that it will only come about one way — from working together.

As Neshka Erbel, iiNet Compliance Officer, says, ‘iiNet has a history of compliance to law agencies. The end of last year finally gave us opportunity to talk to agencies about the assistance we can provide them with. We’re starting to talk the same language in regards to cybercrime and interception methods — it’s a very positive change.’

Paul Malone, Public Affairs Manager, National Office for the Information Economy, agrees and believes that the events of September 11 will prompt more discussion between vested interests. ‘Government and business will work together more closely because they face common threats to infrastructure and neither has the ability to deal with those threats on their own.’

And the lynchpin of industry/government cooperation — the Internet Industry Association — is on the case, as Chief Executive Peter Coroneos reports, ‘The IIA has accelerated our previous work on a Cybercrime Code of Practice to facilitate law enforcement and industry cooperation.’

Both industry representatives and the government bodies spoke of being ill-prepared not for the threat of cyber-terrorism, but the problem of making lawmakers and the public understand its potential scope, and governments are responding to a real threat and not ushering in Big Brother.

‘[September 11] has reminded everyone of the dangers of any terrorism activities including cyber-terrorism. The danger of unlawful access to computers is greater than most people imagine,’ says Neshka Erbel of iiNet, ‘one of the biggest ramifications of the war on terrorism on electronic security is that it’s finally seen as the important issue it is. Cyber-crime is a threat to security.’

‘We were always aware of the risk,’ agrees IIA’s Peter Coroneos, ‘but at some stage terrorists are going to realise that they can cause considerable damage to economies, infrastructure and social order from remote locations.’

Besides shoring up the world’s infrastructure against terrorist attack, the argument to expand authoritative powers seems supported by the fact that we don’t really have any privacy anyway.

According to the IIA, the new powers governments are asking for (and getting) from parliaments and senates all over the world already exist offline. ‘There isn’t necessarily any greater loss of privacy than exists offline where the police have always, subject to warrant, had the power to break down your door, or tap your phone.’ Coroneos says.

And how will new measures or trends affect business? The cost to iiNet has been negligible, constituting only Neshka Erbel’s appointment to the position of Compliance Officer. She is emphatic that iiNet security systems before September 11 were already enough so the company didn’t need to apply any new measures.

The balance between security and privacy has always been an iiNet concern and terrorism won’t change that. ‘iiNet always tries to find that fine balance between security and privacy,’ she says, ‘Our customer’s privacy is as important as their and our security.’

Peter Coroneos of the IIA adds that electronic security was a concern long before September 11 and there shouldn’t be any bigger a bill as it would have been before. ‘Electronic security across industry is variable,’ he says, ‘At the high end like banks it’s been quite secure for some time (though never invulnerable), but at the small business end there is a lot of work to be done.’