Is the concealment of information or resources so just the right people can access it?

for preserving lives (e.g., air traffic control or automated medical systems). Contingency planning is concerned with assessing risks and developing plans for averting or recovering from adverse events that might render a system unavailable.

Traditional contingency planning to ensure availability usually includes responses only to acts of God (e.g., earthquakes) or accidental anthropogenic events (e.g., a toxic gas leak preventing entry to a facility). However, contingency planning must also involve providing for responses to malicious acts, not simply acts of God or accidents, and as such must include an explicit assessment of threat based on a model of a real adversary, not on a probabilistic model of nature.

For example, a simple availability policy is usually stated like this: "On the average, a terminal shall be down for less than 10 minutes per month." A particular terminal (e.g., an automatic teller machine or a reservation agent's keyboard and screen) is up if it responds correctly within one second to a standard request for service; otherwise it is down. This policy means that the up time at each terminal, averaged over all the terminals, must be at least 99.98 percent.

A security policy to ensure availability usually takes a different form, as in the following example: "No inputs to the system by any user who is not an authorized administrator shall cause the system to cease serving some other user." Note that this policy does not say anything about system failures, except to the extent that they can be caused by user actions. Instead, it identifies a particular threat, a malicious or incompetent act by a regular user of the system, and requires the system to survive this act. It says nothing about other ways in which a hostile party could deny service, for example, by cutting a telephone line; a separate assertion is required for each such threat, indicating the extent to which resistance to that threat is deemed important.

Examples of Security Requirements for Different Applications

The exact security needs of systems will vary from application to application even within a single application. As a result, organizations must both understand their applications and think through the relevant choices to achieve the appropriate level of security.

An automated teller system, for example, must keep personal identification numbers (PINs) confidential, both in the host system and during transmission for a transaction. It must protect the integrity of account records and of individual transactions. Protection of privacy is important, but not critically so. Availability of the host system is important to the economic survival of the bank, although not to its fiduciary responsibility. As compared to the availability of

Privacy is a basic right and a necessary protection in the digital age to avoid victimization and manipulation.

In much of the world, privacy is considered a basic human right. For example, citizens in the European Union have the right to dignity. They respect individuals’ rights to a private life, to act without coercion, and to maintain control of their personal information. These aspects are so valuable that they are considered an integral part of EU society. Europe and most of the world have codified these rights into legislation largely due to the learnings of its past.

A society cannot have liberty without privacy. It can appear as a luxury, but it is important to the well-being of a free and just society.

Throughout history, races and groups of people have been persecuted due to their characteristics, affiliations, possessions, or beliefs. Governments, powerful business entities, criminals, and influential organizations have often sought to obtain private information so they can malign individuals and control or manipulate the masses. Privacy has been one of the shields used to protect people from unjust victimization.

Invasion of privacy as a weapon

During WWII, the Axis powers targeted specific races and religions, to the point of near genocide. Many of those who survived did so because they were able to keep their information private, essentially hiding in the crowd. We witnessed the persecution of people demonstrating for democracy during the Arab Spring movements. Their digital signatures and locations were harvested by oppressive governments to identify people attending public rallies.

Many governments and employers actively spy on their citizens to monitor for undesired ideas, discussions, or dissent. Violators are then prosecuted or re-educated to align with what those in authority deem appropriate. Without the benefit of anonymity, citizens’ desire to express their thoughts is effectively repressed.

Governments undermine privacy to control or influence people. In the United States, during the recent Black Live Matters protests, surveillance concerns have resulted in IBM, Microsoft, and Amazon rethinking their participation in providing facial recognition solutions to law enforcement. Protecting privacy is crucial for whistleblowers who come forward to expose injustice. Investigative reporters are ethically bound to protect the identity of their confidential sources for this very reason. Harassment and mistreatment can remain hidden at a tremendous scale when people are fearful of reporting issues because they feel they can be identified.

Privacy protects the innocent from oppression

Autocratic regimes, whether it’s the highest level of government or caustic management of a business, often suppress complaints and new ideas that might undermine their authority or reveal inappropriate acts. Privacy allows dissension, reporting of issues, expression of ideas, constructive resolution of disagreements, and liberty to be heard. Privacy strengthens a community and gives victims a voice by safeguarding free speech that is necessary to counter oppression.

In the digital era, privacy goes beyond anonymity as it also protects people from victimization and manipulation. Society has embraced technology to get educated, communicate, conduct business, and form relationships. Our viewpoints and opinions are strongly influenced by what we learn from local, national, and international news sources.

Data is the new oil

We heavily contribute to the digital landscape through our actions and decisions. Our digital fingerprints are everywhere. They tell a story of where we go, what we do, who we like or dislike, and what we think. They are created by every click we make and every file, application, and device we use. When that data is aggregated, it can provide tremendously powerful insights about a person or community – enough to build complex and accurate personas.

This information is commonly used to manipulate people’s beliefs and behaviors. Online shopping is a perfect example: targeted marketing and data-driven advertising is a big business because it is successful at getting people to spend money. It all comes back to knowing what people are doing, thinking, saying, consuming, and watching. Having access to vast amounts of private data gives advertisers the ability to craft timely and meaningful messages that pull people into desired behaviors.

But if retailers can get people to buy things they don’t need, what else can private data be used for? How about changing what people think, who they support, their political views, what should become a law, and what to believe? The use of private information has long been leveraged to promote, vilify, or persecute various religions and political parties and leaders.

In the last few decades, how global citizens receive their news has changed. The news and entertainment segments have begun to blend, often reporting facts with embellishments and opinionated stories to sway public opinions. The more private information that is known, the easier it becomes to influence, convince, cajole, or threaten people.

More data = More power

A veil of privacy can shield both benefits and abuses. The current trend is to establish and extend privacy rights for the benefit of citizens. This reduces digital victimization, manipulation, and exploitation by protecting sensitive data and allows for activities that promote liberty and free speech.

Without laws, governments and businesses have evolved practices that leverage the power of gathering sensitive information and using it to their own advantage. New privacy laws (GDPR, CCPA) are changing the landscape with many ethical companies downshifting their collection efforts to be more conservative and respectful. They are also showing flexibility in how they treat, protect, and share such data.

Some governments and agencies are also reducing collection, limiting retention, or ending domestic programs that are considered invasive by citizens. At the same time, law enforcement agencies want to retain capabilities to detect and investigate crimes, to protect the security and safety of citizens.

Privacy is also misused. It is the preferred tool for those committing crimes and allows heinous acts against others to remain undetected. It can conceal terrible acts and allow widespread coordination of fraud, abuse, and terror.

Backdoors and master keys

The argument is made that digital backdoors, master keys, and encryption algorithms that gain access to systems and private information would assist in the lawful detection of criminal activity and in investigations to identify terrorists. Although that sounds like a great tool against criminals, it is a Pandora’s Box.

The problem is twofold.

Backdoors and master keys don’t limit access for a specific investigation where probable cause exists, but rather they enable widespread surveillance and data harvesting of an entire population, including law-abiding citizens. This violates people’s right to privacy and opens the door for manipulation and political prosecution. The ability to read every text, email, message, and online conversation to “monitor” the population creates a clear path to abuse. The risk of control and exploitation is real.

Even for those who have no objection to their government having access, we must consider the fact that such backdoors and master-keys would be sought by cybercriminals and other nation-state actors. No system is infallible. Eventually, such tools would be found and used by criminals to the detriment of the global digital community. Some backdoors could be worth tens of billions of dollars to the right buyer as they could unlock unimaginable power to seize wealth, affect people, damage nations, undermine independence, and stifle free thought.

Protecting privacy is not about hiding information. It is about the ability to be free from unwanted influence, tyranny, and to communicate with others in ways that challenge the status quo. Privacy protects individuals but also the underpinnings of a free society.

A complicated situation

Privacy is not an easy topic and there is no perfect solution. It is a dynamic situation and will continue to shift with public sentiment.

Everyone wants some level of discretion, confidentiality, and space. Nobody wants their passwords, family finances, details of personal relationships, medical history, location, purchases, and private discussions exposed. Nor do people enjoy being flooded with spam, phishing, and relentless sales calls. Privacy is not necessarily about hiding something, as it is about limiting information to those with a right-to-know.

Too little privacy can undermine free speech, liberty, and the reporting of victimizations. It also empowers powerful entities to manipulate people’s digital world to coerce, manipulate, and victimize them. Too much privacy can allow criminal actors to thrive and hide from authorities.

Is the concealment of information or resources?

What is confidentiality in information security?

What is another name for confidentiality of information?

What are the 5 types of security?