Privacy vs Security: Is it Possible to Have Both?
In today’s world of hyperconnectivity, the issue of security vs privacy is one of the most fiercely contested global debates. Major data breaches, identity theft, ransomware, phishing attacks, big brother snooping, regulatory abuses and other threats are driving a wedge between users who are at odds with the competing and conflicting desires of security and protection on one hand, and privacy and anonymity on the other.
In most cases, to achieve privacy means implementing tools that prevent or preclude security. To achieve security and protection against threats, the trade-off for the user is sacrificing privacy. By its very nature, privacy entails eliminating the ability for a user’s web surfing, email, texting, social media and app activity to be monitored. Security requires such activities to be monitored and inspected to provide protection against cyber threats.
A user won’t be able to have both complete privacy and complete security, so they are faced with decisions on what compromises they will need to make. Will they sacrifice some privacy in exchange for security? Or, will they exchange the risk of cyber threats, viruses, and ransomware for better privacy?
The Driving Forces
Considering the staggering volume of data that is generated across the globe on a daily basis, advances in technology are driving innovation at a rate that is easily outpacing our ability to secure whatever is being created. The speed of innovation, lax security protocols and overall poor regulation of data privacy have led to widespread vulnerabilities, creating a digital environment ripe for exploitation.
Cyber Theft and Fraud
Overall, cybercrime damages are expected to reach 6 trillion USD annually by 2021. The cybercrime cost prediction includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm. Security breaches and malicious attacks cost an average of $13 million USD annually. The US in particular experienced an average of $27 million USD in damages last year. At the individual level, the impact of identity theft and fraud is even more severe. In 2018, the Federal Trade Commission processed 1.4 million fraud reports totaling $1.48 billion in losses – $406 million more than what consumers reported losing in 2017.
Information theft and financial consequences are not the sole source of strife behind the privacy vs security debate. The general lack of regulation around data privacy has fostered widespread corporate abuse of end user data for the sake of generating billions of dollars in revenue. While not all organizations harvest their data through unscrupulous means, there have been a growing number of cases where access to end user data is being abused for the sake of profit. Some of the most well-known global corporations, Facebook for example, have been exposed for selling, sharing or allowing unauthorized third-party access to their end users’ data without permission. Massive amounts of personal behavioral data get sold with the intent to be used for ad targeting by digital media companies, psychological manipulation by political consultants and media outlets, and for heinous and nefarious purposes as it crosses over into the Dark Web.
As a result, the EU enacted the General Data Protection Regulation (GDPR) in May of 2018. The state of California followed suit in June 2018 with its own version – the California Consumer Privacy Act (CCPA). While data regulation is designed to rein in the abuse of data collection and sharing practices, government regulation is only mildly effective as a deterrent to corporate abuse, as many of the rules are too easily subverted and the fines are somewhat nominal compared to the revenue. The restrictions put into place through GDPR are, at this point, easily avoided as the EU lacks the resources necessary to enforce the rules. GDPR compliance has been a requirement for more than a year, yet only a handful of organizations have actually been fined.
Bridging the Divide
We view the privacy vs security conundrum as a continuum, with privacy on one end and security on the other, and believe that ideally, a user would be able to consciously select where on the continuum they want to reside, balancing their privacy and security needs. In the end, despite opposing technology and divergent values, the arguments driving this heated debate share the same goal. It comes down to protection. Protection of our data so that we can have a worry-free digital experience without the ‘big brother’ feeling of being monitored, and without the fear of our data being used against us by anyone, or any organization. The word Security breaks down as “se” and “cura”, which is Latin for ‘without worry’. As explained by recognized cybersecurity expert Daniel Miessler, ‘without worry’ very succinctly describes the goal of both privacy and security.