For an International Institute of Privacy and Security Assistance
Sunil Abraham, Exec. Dir. of Centre for Internet and Society India, has just posted on Forbes India a bright, deep and comprehensive analysis of the policy priorities in regard to large-scale surveillance abuses, and the civil rights AND economic rational for India to promote adequate policies, which may very well apply to Europe.
He furthermore convincingly argues how privacy and security are no zero-sum-game, but a prerequisite one of the other, as I also argued in a recent post. Privacy is a necessary but non sufficient condition of individual, collective and business security.
I believe though that “privacy by policy”- through appropriate laws and Terms of Use, even if perfectly implemented – may unfortunately end up creating just a dangerous smoke in the mirror, unless such laws also embed solid clauses inspired to the paradigms of “security by design” and “security through transparency”.
Service and technology providers, public and private, beyond a certain size, should be mandated to regularly submit, for review by experts AND anyone, all software, hardware, and especially procedures that affect in any way the security, privacy and authenticity levels of their offerings.
Such offerings would be evaluated according to regularly updated guidelines, managed by independent oversight boards, the ability of hardware, software and procedures – as well as the actual intensity and quality of independent security review – to intrinsically and inherently guarantee that the actual levels match the stated levels, at present and any given time in the past.
In fact, intrinsic “privacy and security by design”, devoid of any need for trust, was the core invention at the basis of the engineering of democratic political regimes, exemplified by the rule concerning proper ballot-box democratic voting procedures.
Just as the International Institute of Democratic and Electoral Assistance for decades has provided crucial and largely independent assistance and review for governments electoral processes world-wide, it could be advisable to promote the constitution of a similar – but even more independent and extremely competent – international body that may provide similar assistance, review and certification processes to improve and assess the actual levels of security, privacy and authenticity of communication service offerings by large public and private providers.