Hmmm. What to do. I’ve already got a law. Harper’s law states: “The security and privacy risks increase proportionally to the square of the number of users of the data.”
So maybe I also have to have a theorem. Harper’s Theorem states: “People call privacy a ‘right’ just before they drop it in the blender.”
So my blender detector went on high alert today when I saw Hugo Teufel characterize privacy as a “fundamental right” twice in a recent post on the Department of Homeland Security’s Leadership Journal blog. He’s Chief Privacy Officer at DHS.
The verdict is still out on whether Teufel will be a defender of privacy at DHS or whether he is an apologist for the agency. I’m not impressed so far with his tenure, though I don’t doubt his good intentions. (I serve on the DHS’ Data Privacy and Integrity Advisory Committee, which reports to Teufel and Secretary Chertoff. The December meeting of the Committee was recently cancelled.)
And I wasn’t impressed reading his exploration of the “privacy vs. security” question. As we’re seeing too often these days, he made the claim that privacy and security are not in tension. He says you can have both.
(Actually, you can. Strengthened cockpit doors give you security without using any personal information. But Teufel is talking about government security programs that use personal information, programs like REAL ID, the Western Hemisphere Travel Initiative, the Automated Targeting System, and so on.)
Security programs that use personal information reduce privacy to do their work. Privacy and security are in tension in these programs, and claims otherwise are false.
Claiming that you can have both, Teufel substitutes out true privacy – control of information about ourselves – for a melange of related values. For example, “Privacy is enhanced by revealing what the government is doing,” he says. Well, no. That’s transparency.
Transparency is important because it fosters oversight, fairness, and other good things. But it is not privacy. (Thought experiment: If a man entered your bathroom and announced to you that he was going to watch you shower, would you feel that the privacy of your showering was intact? Of course not. His transparency just makes your loss of privacy more apparent.)
Teufel approvingly cites Indiana University professor Fred Cate’s testimony to the White House’s Privacy and Civil Liberties Oversight Board a year ago. Cate said he was “struck by how closely connected privacy and security really are.” Alas, Fred was referring to “data integrity” – another important value: assurance that information is accurate. This, too, is not privacy. (The man watching you in your shower is also making a videotape of it, and will allow you to review his conclusions. Is the privacy of your showering intact?)
I know that Fred is actively reconsidering privacy concepts, but he is one of the least likely to abuse them. I’m delighted to report that nowhere in his submission to the Privacy and Civil Liberties Board did he call privacy a “right” (n.b., he did quote the Supreme Court discussing “the protection accorded a privacy right at common law”).
We’ve seen worse, but we should expect better from the DHS Chief Privacy Officer than this vain attempt to “transcend” the very real tension between privacy and security in personal-information-intensive government security programs.