IT needs a voice in the privacy debate


Roller coaster economies aside, the IT industry has had it pretty good for the past quarter-century. In fact, information – along with the stone, bronze, iron and the rather enigmatic dark – has even had an age named after it. Today we are firmly entrenched in it.

For decades IT has sailed along, with critics few and far between. And those who did criticize the industry were often dismissed as nothing more than Luddites. But times are changing. IT may soon find itself no longer immune to criticism, as a spate of laws are being contemplated from Toronto to Tokyo to Turin. Laws, which if implemented, will infringe on our privacy in the name of national security and a desire to fight cybercrime. Valiant goals, were it not for the fact that real criminals will find ways to circumvent the attempts to track their actions (encryption being an obvious, inexpensive method) while average Canadians will leave a trail a mile long as an increasingly higher and higher percentage of our daily activities are transacted in digital form.

In Canada, the national Department of Justice is in the process of throwing up a trial balloon called the Lawful Access Proposal. If enacted, it could potentially require the nation’s ISPs to more closely monitor our activities online. The government’s policy document is vague, but ISPs might be compelled to “collect and retain a range of data concerning all of its subscribers.” Imagine Canada Post opening your letters, scanning them and storing the information in a huge database. All done in the name of national security. A Department of Justice spokesperson said this sort of data retention is not on the table, while privacy experts say it is the start of a big-brother like state.

The IT industry may soon find itself in a position of guilt by association if it doesn’t actively involve itself in offering solutions to what the government views as problems.

All of the proposed laws are technology-based, and could profit from the input of IT companies. Just selling the wares, with nary a worry as to their eventual use, is the lazy man’s way.

The U.S. National Rifle Association’s “guns don’t kill, people do” defence will not work, because technology is viewed less as a physical entity than an abstract part of our daily lives. People may blame technology itself rather than the government’s invasion of our privacy. Public backlash is still capable of slowing or even halting IT-based implementations, something that could benefit us all.

Today there is talk of creating national electronic health records. It is a project with many positive attributes, though not immune to abuse. But if the public perceives it is already being spied on by having its Internet movement monitored, it is more likely to fight against it – fighting the battles it thinks it can win, not necessarily the ones it wants to win.

Public backlash can manifest itself in unpredictable ways. In the 1980s and 1990s several universities were involved in the research and development of fuel air explosives for the military, a particularly nasty weapon, essentially designed to ignite the surrounding air, sucking out all of the oxygen in the process. Public reaction was to demonstrate at the universities involved in the development of FAEs rather than against the military that was going to use them.

IT could find itself in the same position, with a backlash focused at the creators of the technology, not at those who use it for invasive purposes.

Most people, myself included, trust the idea of government (not necessarily the people who occasionally occupy the offices, however). But without checks and balances in place, there is nothing to prevent a government from going on electronic fishing expeditions. Armed with data mining technology, the expedition would be like shooting fish in a barrel.

IT companies have to get involved in the discussion about how and where technology will be implemented. These companies might even consider voicing their objections to their technology being used in inappropriate ways.

Some organizations, like CIPS (Canadian Information Processing Society) and CAIP (Canadian Association of Internet Providers), are getting involved but, given the size of the stakes, it would be nice to see some of the world’s heavyweight IT vendors get themselves involved too. One in particular has proven itself capable of going toe to toe with the government and doing fine, and it is certainly not alone in its ability to influence government officials.

The tobacco industry learned a long time ago that a voice heard is one to be reckoned with. It is time for IT, both as individual corporations and as part of industry groups, to learn this lesson.

Conrath is a senior writer with ComputerWorld Canada. He can be reached