Web 2.0 & rating the Police. A Bruce Schneier perspective

| March 17, 2008

The transparency debate is nuanced & needs a lot more work.

An excellent public policy debate is also emerging at www.TheConnectedRepublic.org, mostly organised by Cisco staff but with some very valuable contributions from current or recent public servants.  The IIS paper on "Safe to Play" is published there.

One of the recent debates is about "Transparency in policing?…or invasion of privacy…risk?".  Here is the contribution I made to the debate recently:

Applying transparency and ratings to policing raises some fascinating questions that have been around for a long time. In one sense, the case put in earlier postings at "Transparency in policing?…or invasion of privacy…risk?" is that a very important group in our society should have applied to it the same logic as it wants applied to the rest of us:  'If you've got nothing to hide, you've got nothing to fear'.  The reaction, though, is interesting.  Like many professions (legal, accounting, medical etc), arguments come back along the lines of 'we are different & deserve special treatment" – legal professional privilege; doctor-patient relationship etc.

Google recently used the transparency argument in "Using log data to help keep you safe", at Google Public Policy Blog, posted 13 Mar 2008.

David Brin explored the extreme of this logic some years ago in his book "The Transparent Society". For a fascinating review of this book and the "communitarian" counterpoint, see "Privacy please", a book review in Salon magazine, 26 April 1999.

But the most recent thoughts on this topic came from Bruce Schneier only a couple of days ago from his blog in an entry titled "Privacy and Power".

Bruce's point, in essence, is that transparency (which has to include initiatives such as ratings) is all very well but what matters just as much is the relative power relationships between the parties being transparent to each other. The example he gives is a good one. In his words:

"An example will make this clearer. You're stopped by a police officer, who demands to see identification. Divulging your identity will give the officer enormous power over you: He or she can search police databases using the information on your ID; he or she can create a police record attached to your name; he or she can put you on this or that secret terrorist watch list. Asking to see the officer's ID in return gives you no comparable power over him or her. The power imbalance is too great, and mutual disclosure does not make it OK."

Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information.



  1. StephenWilson

    March 22, 2008 at 11:27 pm

    Too much at stake to afford Brin’s simplifying assumptions

    Surely the assumption in Brin's thesis — that in future, information will be so freely available that everyone will know everything about each other — is way too simplistic. And the stakes for privacy invasion are so great that we shouldn't rush into over simplifications.

    To begin with, the assumption hardly passes the laugh test. It smacks of the classical economist's assumption that markets are efficient and transparent. We know in the real word they are not, and that there are major profit motives to ensure imbalances in access to information, or to create new information that is not freely accessible. So let's not repeat this sort of methodological mistake when crafting new privacy regimes.

    More subtly, I fear that there is an undercurrent in Brin's assumption along the lines that if information is public then it is no longer private. That seems a reasonable proposition but I reckon it deserves deeper analysis. I think I will blog about that idea in its own right.

    Stephen Wilson
    Lockstep Consulting provides independent specialist advice and analysis
    on identity management, PKI and smartcards. Lockstep Technologies
    develops unique new smartcard technologies to address transaction
    privacy and web fraud.