Contributed article — DOI: 10.1145/1978542.1978568
Should Privacy Impact Assessments Be Mandatory?
This article considers the issue of whether privacy impact assessments (PIAs) should be mandatory. The author examines the benefits and disadvantages of PIAs, the case for and against mandatory PIAs, and ultimately concludes they should be mandatory.
In 2000, an eight-year-old U.K. girl died from the abuse she had suffered at the hands of her great-aunt and the latter’s boyfriend. There was a huge public outcry as details of the case became known. The U.K. government eventually launched a public inquiry, the report of which found that the girl’s murder could have been prevented had there been better communication between social services and other professionals.
The report led to the creation of a database, called ContactPoint, which the U.K. government said would improve child protection by improving the way information about children is shared among different social services.
While it might have been designed to solve one set of problems, the ContactPoint database created another set of problems: It has attracted significant criticism over the risks to privacy and personal data protection. The fact that some 330,000 people will have access to the database suggests that fears about the risks are not entirely misplaced. There is a wide range of such risks—from identity theft to unauthorized, secondary use of personal data for research, for "sharing" with law enforcement agencies or other government agencies, for sale to insurance companies or companies engaged in personalized advertising.
ContactPoint is just one of many massive databases that governments and industry have created, and will continue to create, that would benefit from a privacy impact assessment at the design stage and perhaps, as an iterative process, at later stages too.
Contributed article — DOI: 10.1145/1978542.1978569
Cyberwarfare: Connecting the Dots in Cyber Intelligence
Cyberwarfare is a potent weapon in political conflicts, espionage, and propaganda. Difficult to detect, it is often recognized only after significant damage has been done. Gaining offensive capability on the cyber battlefield figures prominently in the national strategies of many countries and is explicitly stated in the doctrines of several, including China, Russia, and the U.S. It is generally understood they are laying the groundwork for potential cyber conflicts by hacking the networks of adversaries and allies alike.
Cyberwarfare incidents are increasing among nation-states as well as terrorists, political/social organizations, and transnational groups. An early example of cyberwarfare was the 1999 targeting of U.S. government Web sites by suspected Chinese hackers in the aftermath of the U.S. bombing of the Chinese embassy in Belgrade, officially reported as accidental. Cyberwarfare has since been observed largely as nuisance attacks (such as denial-of-service), with occasional incidents of espionage and infrastructure probes.
Future attacks could involve psychological operations as well as the destruction of information and communications systems and infrastructure. Indeed, the cyberattacks against Estonia in 2007 and Georgia in 2008 hinted at the potential of cyberwarfare.