People conflate privacy and security. For many, there are no trade-offs, choices, or decisions: guarantee security and you guarantee privacy. But computer designers know it is more complicated than that. This column argues that starting with respect for people who desire privacy will help guide good security design. For example, to help mitigate the security threat of identity theft, one wants to consider the loss of private information.
Good design practice is a responsibility. The ACM Code of Ethics requires that designers "respect the privacy of others" and provides two paragraphs of best practice. Many users are both busy and insufficiently proficient technically to watch out for themselves. They understand neither technical minutiae nor the basics of privacy. A recent survey asked about Internet public key infrastructure (PKI) certificates. Most people said either that they did not know what such certificates are or that PKI certificates provide more protection than they actually do. Many thought PKI certificates ensure privacy, prevent tracking, provide legal accountability, or certify that a site is protected from "hackers."[2] They confuse security goals and privacy, and seldom understand related risks well.