Posted on | September 11, 2013 | 2 comments
(Editor’s note: In this guest essay, CJ Radford, vice president of cloud at data security firm Vormetric, calls for stronger laws to protect privacy.)
As more information continues to be disclosed by Edward Snowden, we should all be wondering about the long term implications.
Regardless of how you feel about the NSA collecting your data, the NSA is doing it, most would agree, for the right reasons: To catch terrorists, prevent bombings and safeguard citizens.
I strongly support those goals. One problem that we must consider, however, is what happens to this data. This data consists of the private details about you and me: from where we shop to with whom we talk, what services we use on the web and what causes we support.
It includes similar government collected data about businesses; customers, business partners, financial records, business plans, employees and more. The technology is so powerful, even sensitive and active business dealings still in process, can be found and investigated.
For me, the issue is what happens if this data, and these capabilities, fall into the wrong hands. A malicious government employee, a change in government, court rulings, regulations or leadership could all open this information, and these capabilities, up to cross agency analysis, open use, or criminal activity.
Under these circumstances, the data controlled by the NSA and the capabilities that they have to understand our lives, collected from the highest of motives, is used for the opposite of its original purpose. Even today, the mere potential for this is poisoning relations with our closest allies and friends internationally – they view themselves as the likely targets for this kind of surveillance.
So what should we do about this? It’s simple – put in place a legal framework that strictly limits these capabilities – maybe even a constitutional amendment. It should cover what, why and how long government entities can keep your data, investigate you without your permission, and more. What I’m proposing is an information security bill of rights.
I work for a data security company where the safeguarding of information is critical to what we do, where we think about the protection of our customer’s information every minute of every day. Enshrining principles that make sense, into the highest legal authority of the land, is something we need to consider and act upon now.