Gathering sensitive information won't provide 'security' for a variety of reasons
Unbridled government collection of personal information, as outlined in the Information Awareness Office
is a bad idea for a lot of reasons, not least of which is the broad notion that the right to privacy is granted in the Constitution. It is an even worse idea because we know almost nothing about what the government is doing with this information. And the recent theft
of information collected under a government mandate portends events to come.
The new internal spy network has far more potential for mischief, misuse and abuse. COINTELPRO, the program of domestic spying under the direction of the infamous FBI director J. Edgar Hoover, should serve as ample warning about why the government should not go down this road again. And if this history lesson is too far removed, maybe people will remember convicted FBI spy Robert Hanssen.
And these are just the cases that we hear about.
From a technical point of view, Im also concerned about collecting so much valuable and very personal information in one place. For one thing, Ive seen the best the computer industry offers for security, authentication, encrypting and authorizing dataand despite the hype, it still doesnt work that well. It works well enough in most commercial settings because the information collected is not sufficiently valuable to warrant the programming time it would take to put together a successful hack. But that is not the case with the treasure trove the U.S. government is talking about putting together.
The problems dont end with collecting this amount and type of information. It isnt even that information cant be locked up tight. The Information Awareness Office plans call for sharing this information across many agencies and distributing the results to airlines and car rental companies, among many others. Technologists know there will be information leaks, either intentional or by mistake. And these leaks will wreak havoc for many, many people.
But even more fundamentally, just because it is possible to collect this informationwhether for the so-called war on terrorism or to put together ever more intrusive marketing effortsit is wrong to know so much about people.
Just like the overuse of antibiotics has caused microbes to evolve and become resistant to known medicines, data over-collection will require that we divulge more and more private information to authenticate who we really are. Its not that hard to imagine a time when it will be so easy to know enough about an individual
and on such a widespread basis, that, in our quest for perfect identification and tracking, we will achieve the opposite. We will only ever really know and trust those people whom we see and live with on a daily basis.
What Ive seen from just about every security and monitoring tool that has come through eWEEK Labs tells me that the old rule "Whats good for the goose is good for the gander" doesnt apply to data collection. Internet traffic monitors always come with the ability to create policies that allow senior executives (and usually IT staff members) to avoid having their Web surfing tracked. Government officials will want exceptions "in the name of national security" that allow them and their families to be immune from data collection that ordinary people will face on a daily basis.
Individuals should be able to control the information that is known about them, period. To the extent that people want to surrender valuable bits of personal information so that they can be authenticated by computers and people outside of their daily experience should always be a choice that is made without an idea that others can secretly or openly collect this information.
Did I just make it onto a government agency list? Senior Analyst Cameron Sturdevant can be reached at firstname.lastname@example.org