Privacy vs. cybersecurity: the advantages of doing business over the Internet are tremendous--but only if enterprises can ensure exchanging information in cyberspace is secure.

• Author: Phillips, John T.
• Position: Tech Trends

At the Core

This article:

* Discusses the conflicting roles of privacy and security for Internet communications

* Gives ways to secure information exchanged across the Internet

Cyberspace is a playground for information seekers: Enlightening articles and digital encyclopedias can be accessed from anyone's desktop. The Internet enables highly productive workflows for electronic document collaborators. Postal service and other forms of physical document delivery have been eliminated in some businesses as electronic mail has replaced paper correspondence, and Web sites enable information distribution without significant digital "shipping" charges. Unfortunately, the immediate benefits of using the Internet to communicate and share information often postpone consideration of the long-range consequences of doing business electronically--until a crisis occurs.

Interaction with Web sites increasingly demands personal information. Ordering products online requires personal shipping addresses and credit card information. Sharing data often requires trusting business partners across open network architectures and relying on unknown data security infrastructures to complete transactions. When data and documents are transferred across poorly controlled networks and repositories of personal data are accumulated in hidden databases, the potential for corrupted information or compromised personal privacy increases. The integrity of business transaction records may be questionable, and individuals may become victims of identity theft or fraud.

Clearly, security and privacy are becoming major issues for the Internet's personal and business users. The communications speed and document-management advantages of Internet use are tremendous, but these conveniences are diminished when users must proceed cautiously because of a lack of confidence in the robustness of security or real concerns about misuse of Internet-based information.

Privacy, Security, or Both?

Are maintaining privacy and ensuring security conflicting, incompatible goals? High states of security for Internet communications may require limiting access to well-documented individuals or organizations. Such documentation may itself invade individual privacy or organizational needs for confidentiality. After the 2001 terrorist attacks in the United States, many increased security measures were demanded. These included increased security inspections at airline check-in locations, better readiness for emergency response, and an overall increase in data gathering and surveillance of both citizens and immigrants.

Similar demands for new levels of attention to physical security, data protection, and user authentication are occurring for computer systems use. New expectations regarding data gathering and surveillance have been met with some resistance by both civil libertarians and the general public.

Similar dilemmas challenge organizations that seek to determine the extent to which employees should be monitored in the workplace and constrained on the job with increased security and strict privacy policies. There is no question that limiting access to a computer system increases the overall security of the system. There is also no question that gathering detailed information about computer users assists...