Monday, January 1, 2007

The psychology of risk (and why we worry about stuff we should not)

That title could sum up risk management (and will be a recurring theme at 10domains).

I just read an article on SecurityFocus about an effort by the US Department of Justice (DOJ) to standardize the format they store criminal records, and how its raising privacy fears. I am all for privacy, and a believer in the 4th amendment. But I fail to see how a standardized method for record format and access increases the privacy risk.
"Raw police files or FBI reports can never be verified and can never be corrected," Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union, told the Washington Post. "That is a problem with even more formal and controlled systems. The idea that they're creating another whole system that is going to be full of inaccurate information is just chilling."

I agree with the first statement. But Mr. Steinhardt fails to explain how a new system increases the risk. I am not pulling out the old chestnut of "if you have done nothing wrong, you have nothing to fear" but seriously, the US DoJ already knows whatever it needs to know about you, and the other LEAs (Law Enforcement Agency) can get access to all the records there are--it just takes longer now. Reducing that timeframe (and associated costs) does not make your life any less private.

Which reminds me, one of these days I will post my rant against the opposition to a US National ID Card. If you carry a driver's license or have a social security number, you are already part of the Borg collective my friend.