On the side-lines at one of Malaysia's largest gatherings of infosecurity professionals, Computerworld Malaysia's 10th Security Summit, one of the CIOs told me that getting the balance right between privacy and security will haunt us far into the future. "The cyber security space is a house haunted from within and without- how can privacy and security best live in this house?"
In the US, as reported in our IDG media channels, all three branches of the federal government are facing contradictory changes in how personal data is accessed: some moves protect citizen privacy while others could open up access to businesses and smartphone users by government agencies. Using terrorism arguments, the FBI has attempted to force Apple to develop software to override password protections on the iPhone of a mass shooter in the San Bernardino attacks. Tim Cook said Apple 'will not shrink' from its responsibility to protect customer privacy. This stance has been adopted by other corporations such as Microsoft and Google. However, during the Free Software Foundation conference in March, NSA whistleblower Edward Snowden said privacy cannot depend on corporations standing up to government.
It is not the technology but the principles that matter, of course. Privacy advocates have been pushing Congress to update a 30-year-old law called the Electronic Communications Privacy Act (ECPA) for the last six years to widen protection. In the EC, from 2018, data protection authorities will be able to impose fines of up to 4 percent of a company's worldwide revenue for breaches of the new privacy rules approved by the European Parliament. The new General Data Protection Regulation (GDPR) also extends the 'right to be forgotten' created by a ruling of the Court of Justice of the EU in 2014. No mention has been made of how government agencies will be affected.
One of the CIOs at Computerworld Malaysia's Security summit said the security and privacy balance is "best viewed on a case by case basis. Think of your house and how you want your privacy to be respected while expecting a reasonable level of security from the community. There may be times when you expect enforcement officers to rush in-but aside from such rare occasions relating to major crime and terrorism-the authorities should ask for permission first through due process. The privacy laws should extend the same protection of your home to your own data and your own devices." Have your views on the security-privacy balance changed in the last year or so?
- AvantiKumar, Editor, Computerworld Malaysia & Malaysia Country Correspondent for CIO Asia, MIS Asia
(This is an online version of an editorial for the Security Special print edition of Computerworld Malaysia, 2016)
Sign up for CIO Asia eNewsletters.