Privacy Without Security is Impossible

November 1, 2010

Electronic security is getting a bad name in some places through no fault of the industry.

Newspaper and TV commentaries about video surveillance cameras in pubic places frequently invoke Orwellian fears about Big Brother. Biometric and radio frequency identification (RFID) systems, meanwhile, raise additional alarms about supposed nefarious plots by government officials or, more mundanely, abuse by commercial enterprises.

And these fears are not just on the fringe. In this year alone, lawmakers in New Hampshire and Alaska have considered bills that would sharply restrict the use of biometrics, while Oklahoma legislators passed an anti-RFID measure that would have become law were it not for a veto by Gov. Brad Henry. (The New Hampshire bill was defeated in the state House of Representatives, while the Alaska bill, as of this writing, has not been brought to a vote.) Plus, in recent years, California Gov. Arnold Schwarzenegger has twice had to veto efforts to strictly limit RFID use.

The Security Industry Association (SIA) has actively opposed these and other attempts to ban security technologies. While acknowledging that there are some legitimate concerns about privacy that are raised by such things as biometrics and RFID, SIA has argued that most fears are exaggerated and are based on a misunderstanding of the technologies, and that legislative restrictions on their use would lead to the adoption of less effective and less secure measures. That, SIA has stressed, is what would create the greatest danger to privacy.

While SIA’s advocacy efforts have been successful, the association, in September, released its “Privacy Framework” to address concerns related to the recording of video, the collection of personally identifiable information and the use of biometrics, RFID and other technologies.

The Framework identifies 12 guidelines to be followed in the deployment of electronic physical security solutions. The guidelines include:

- Conducting privacy impact assessments.
- Implementing privacy-enhancing solutions during the design phase of products, when possible.
- Limiting access to personally identifiable information within an organization to those who have a “need to know.”
- Adopting a security breach notification plan.

SIA has made available an icon that may be displayed by companies that support the principles of the Privacy Framework.

Kathleen Carroll of HID Global, the chair of the SIA Government Relations Department’s State & Local Policy Working Group, said of the issue that, “While security without privacy is possible, privacy without security is impossible.” The Privacy Framework can help to ensure that people have the security that enables them to enjoy their privacy.

Ronald Hawkins is the communications manager for the Security Industry Association (www.siaonline.org). For more information about SIA or to sign up to receive the Security News Digest, contact him at rhawkins@siaonline.org.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.