K. A. Taipale, "Technology, Security and Privacy: The Fear of Frankenstein, the Myth of Privacy and the Lessons of King Ludd," 7 Yale J. L. & Tech. 123; 9 Intl. J. Comm. L. & Pol'y 8 (Dec. 2004)
The current public debate that pits security and privacy as dichotomous rivals to be traded one for another in a zero-sum game is based on a general misunderstanding and apprehension of technology on the one hand and a mythology of privacy that conflates secrecy with autonomy on the other. Further, political strategies premised on outlawing particular technologies or techniques or seeking to constrain technology through laws alone are second-best and ultimately futile strategies that will result in little security and brittle privacy protection.
This paper argues that civil liberties can only be protected by employing value sensitive technology development strategies in conjunction with policy implementations, not by opposing technological developments or seeking to control the use of particular technologies or techniques after the fact through law alone. Value sensitive development strategies that take privacy concerns into account during design and development can build in technical features that enable existing legal control mechanisms for the protection of civil liberties and due process to function.
This paper examines how technology, security and privacy intersect in the context of current developments in information technology. In particular, this paper reviews issues relating to technologies of identification, data aggregation and analysis (including data mining), and collection currently being considered for use in the context of domestic security, including their impact on civil liberties (in particular, privacy).
This paper attempts to highlight precisely where in such technical systems conflict arises and to suggest certain technical features to help ameliorate these concerns. This paper proposes that technical development strategies premised on anonymization (for data aggregation and analysis) and pseudonymization (for identification and collection) can help protect individual autonomy in the digital age while still meeting security needs. Technical requirements to support such strategies include rule-based processing, selective revelation, and strong credential and audit.
K. A. Taipale, "Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data," 5 Colum. Sci. & Tech. L. Rev. 2 (Dec. 2003) [executive summary PDF]
K. A. Taipale, "Designing Technical Systems to Support Policy: Enterprise Architecture, Policy Appliances, and Civil Liberties," Chapter 9.4 in "Emergent Information Technologies and Enabling Policies for Counter Terrorism" (Robert Popp and John Yen, eds., IEEE Press, forthcoming 2005). [introduction available online] See also the Policy Appliance Reference Model.