Privacy or security? - 'Function Creep' kills your privacy

02-09-2016 by Dick Dekkers

Devices are getting smarter. Phones, cars and thermostats: they collect more and more data, and share it too. But what if others use that data for purposes you don't know about? What about your privacy? And what benefits does this data collection actually deliver?

Some time ago I made a trip to London. When I came back via the airport in Rotterdam and drove home, I was stopped on the A13 by a policeman on his motorcycle. Strange, seeing as I wasn't speeding. I had to drive to a parking space in a business park. It turned out that I hadn't paid my car insurance. A mistake, so I explained it truthfully and pinned the outstanding amount on the spot.

How did the policeman know that I hadn't paid the bill? Did he get a signal from traffic control? Certainly, it seems that way and that would be quite interesting. That system was once intended to track traffic jams and catch speeders. The system seems to work just as well to pick up on defaulters and other offenders on the road.

Function creep and privacy

This is a typical example of function creep: a certain instrument being used for something other than it's intended purpose. Take, for example, the body scan at the airport, which is now very euphemistically called the Security Scan. It is in itself an effective means of detecting threats. The border control promises not to save the scans of travellers, to protect their privacy. But why do the devices necessarily need a hard drive and an internet connection? This smells of function creep.

Whether it comes to body scans, or traffic control: where intelligence services find a source of data to collect, they will use it. If they do this to identify specific suspects, I can understand that, as long as they operate within the confines of the law. But the trend seems to be, that for the sacred purpose of our security, data needs to be collected about everyone, whether openly, or through function creep. We are all follows as if we were suspects.

Hotspots for criminals

Something dangerous clings to the passion that police, security and intelligence services have for collecting data. Even if they adhere to the rules, who says that hackers won't sooner or later crack the servers and run off with all of our private data? The mountains of data are hotspots for criminals. Before you know it, you could be a victim of identity fraud.

Am I overreacting? I hope I am wrong. But let's turn things around: why are the intelligence services so obsessed with data? The mountain is too big for them to wade through and yet the government claims that this mountain has helped prevent terrorist attacks. I would advise: show us proof that this is the case. If you show that you've stopped, for example, 30 attacks with mass surveillance, you'll raise a lot of goodwill with the people.

Until then, I am tempted to say that collecting all this data doesn't make us safer. Further, as long as the intelligence services are doing their work with good intentions, there's not a problem, but sooner or later, someone with less noble intentions will get their hands on the data. All the more reason for Digidentity to be extra vigilant. We only ask our users for information that is absolutely necessary for registration, and then lock that same data in a super secure safe. Just in case.

I wrote earlier about the debate between security and privacy. Do these go hand in hand?