Data mining and what one author has dubbed "dataveillance" (data and surveillance) are becoming pervasive. Often they go little-noticed, or are regarded as trivial and harmless. But there is a strong case to be made that together they are gradually eroding privacy and personal freedom.
Data mining is the practice of gathering and collating enormous volumes of consumer and other information about individuals. Most often it is done by marketers for the purpose of targeting advertising more effectively.
From one perspective we may regard this as harmless or even moderately helpful. If we must be bombarded by ads, they may as well be for products and services we might actually want to buy, rather than cluttering our attention with sales pitches we're not a bit interested in.
But, even apart from the collection of personal information by often-unknown entities without our knowledge, data mining can impose more direct costs. If you don't use grocery "discount cards" (used for data mining), you have to pay a higher price.
"Dataveillance" takes data mining to the next stage, adding data from cameras or other surveillance devices. Law enforcement agencies argue that these technologies can be used to reduce crime. But the police will always argue that giving them a free hand will reduce crime.
Any pattern-recognition process, from cameras reading license plates to identifying "suspicious" behavior patterns, is subject to false positives – innocent patterns that are mistaken for targeted ones. Which means that as pattern-recognition is more widely used, more and more people will be mistakenly brought under suspicion. And they will be treated as criminal suspects.
The American legal tradition has historically erected a high bar for police surveillance, largely to guard against precisely such errors, which come at such high cost for individuals and society. We must be on guard against letting new technologies erode our fundamental legal and social protections.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: "Security is not a product, but a process."
