Privacy and Cybersecurity

By Holly Gilbert

That process was begun at the second workshop where there were quite a few questions about how the framework would ensure that privacy and civil liberties were respected. One person in the audience asked whether the framework would provide explanatory language that could be used in court “when my rights get violated.” He asked the NIST panel, “What will result from this process to engage people when these things go to court, because someone’s rights will inevitably be violated?”

Ari Schwartz, the Internet policy advisor at NIST and a privacy expert, responded that NIST still “need[s] to figure out a way to get to the solutions.”

Schwartz also observed that he didn’t see a lot of chief privacy officers in the room. “Maybe we need to bring some of those in,” he said, with the goal of getting people involved who “have methodologies in this area.” For example, he said, “There are also practices and methodologies for protecting privacy that we know are common. We need to highlight them more and identify them more easily.”

NIST says it will seek to answer all the representative questions on a variety of issues before the preliminary version of the framework is due in October, and the final draft in February 2014.

EPIC’s Scott says the language of the framework will be crucial in protecting civil liberties, which is why EPIC’s comments “strongly encourage” NIST to spell out the “difference between cyberterrorism and cybercrime.” Scott emphasizes that the two terms should not be confused. “Cyberterrorism is a term kind of like national security that can envelop a lot of different stuff and become a basis for exempting themselves from privacy requirements,” he says.

Amie Stepanovich, director of EPIC’s Domestic Surveillance Project, is also a signatory on the center’s comments. She notes that what is being done with information collected on individuals evokes questions about security, and not just privacy. Everyone should be concerned about what the government does with personal information about them that ends up in a government database, she says.



The Magazine — Past Issues


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.