Via Bruce Schneier, I see that DHS’s Data Privacy and Integrity Advisory Committee approved a new “Framework for Privacy Analysis of Programs, Technologies, and Applications” at their meeting two weeks ago.
I agree with Schneier’s positive assessment of the report. The steps that are defined in the framework provide a solid analytical roadmap for looking at programs where privacy and security come into conflict.
But resolving these issues is easier said that done. The report describes the final “recommendation” decision accordingly:
Should the program proceed? Do the benefits of the program described in Step 3 justify the costs to privacy interests described in Step 4?
Any attempt to calculate the tradeoffs between security and privacy is inherently difficult, due to the subjectivity of any methodology to place a tangible price on either interest. And people will always place widely diverging values on security and privacy – what looks like a good trade-off to me might not seem all that hot to you.
Even if the right framework is in place, I think there’s always going to be this “political economy” problem in the privacy vs. security debate. But an open civic discussion of these issues based on solid frameworks such as this one can smooth out the rough edges of this debate.