In the news this week we have learned about how the UK and American intelligence services have been given access to data from mobile phone and social media companies, so that this data can be analysed for patterns to try and see if any security issues can be detected.
Can they tell from emails, Facebook, a phone call or a text that a terrorist or prospective terrorist is actually planning something nasty in a country or city?
Whilst I understand the logic and necessity for this, we are being told that these agencies are not supplied with our personal details (names etc.). However, if this is true, then what is the point of them analysing the data to see a pattern if they cannot associate that pattern with individuals that they are seeking, monitoring or holding? They must have that relationship regardless of what we are being told by politicians.
Whilst many of us agree this is necessary, we are also concerned about how this falls in line with Data Protection Laws and what is considered private and personal. Having a private face-to-face conversation with someone in your home was considered private and personal. Then we moved on to letter writing, which was also considered private, especially if the letter had your signet ring and private wax seal stamped on it as a mark of authenticity and privacy.
Whilst we have moved on a long way from those days, in some respects we have moved back to nothing being considered private and confidential anymore once it is on the World Wide Web in any format. Do we need to reconsider having the signet ring and wax solution all over again, by way of a personal unique encryption solution for all personal and private correspondence we create?
Now there is a similar issue within organizations. One client I’m working with at the moment is implementing a Service Request Management solution with a service catalogue. Access and views of this catalogue are determined by country, business unit and profile so that not everyone can see all items. Once requests have been submitted, only certain key groups can view these requests, like the approvers and fulfilment groups. However, there are times when “super users” need to have access to view all of the catalogue regardless of their own business unit or location, perhaps to validate prices or changes published in each country, or even to view all requests stuck in the approval phase. The question then becomes: who should have these “super user” access rights? Who administers them? From a business security perspective, how can these be audited and controlled or governed?
The balance between security access and freedom of information is a difficult one to manage, regardless of the level of access. Personally I don’t mind the government having access to some of my personal communications and correspondence so long as I intended it to be read by more than the recipient. However if I only intended the recipient to read, view or listen to it, then I would expect no-one else to have access without my consent, even a government, and if that means an electronic “signet ring stamp on wax” delivered by my trusted staff, then so be it.
Are we moving blindly into that “big brother” state where the information held about us is so vast and detailed that the state controls us and stops governing us at our request? Politicians are simply more interested in their own policies and those that spend enough money to influence them than they are in being there “for the people”. When we see that level of leadership (which I do see daily) we may become fearful when mixed with the data that they are capturing and analysing. I think we need to take notice and protect ourselves just a little more than we do today before it’s too late and, like the Sci-Fi movies, we become slaves to the state.
Overdramatic maybe, but that reality is becoming ever nearer from what I hear and see.
Any feedback and comments are always welcome!