Privacy and security are often talked about in very different ways, yet they are two sides of the same coin.
Both are critical in our modern world but often overlooked. Both are critical to ensuring that the digital world is safe and works as intended. Both are often reasonably understood by people but a lot of the nuance and important pieces are lost in that glazed understanding.
Dictionary Definitions
Dictionary definitions are rarely useful in reality but here they may serve a purpose, though honestly I feel like a seventh grader starting off an awkward public speaking assignment.
Privacy is the state or condition of being free from being observed or disturbed by other people.
Reading that definition and it’s understandable why people often react to privacy issues either in full support or with the cliched, “I’m not worried, I have nothing to hide.”
On the other hand;
security is defined as the state of being free from danger or threat.
Now why am I making the claim that these two concepts are intertwined?
Privacy Requirement
A critical part of privacy and specifically digital privacy is intention.
Privacy is really an expression of your intention for your actions and information. You want to control who has access. You intentions are reflected in the privacy level and its enforcement.
In the physical world, privacy is a simpler concept.
If you’re apt to journal or keep a diary of your thoughts, you most likely want to tightly control who can read those thoughts.
You don’t want them observed by just anyone. They are private.
Your intention is that you will share they if or when you chose and with whom you choose.
In the digital world, that can’t happen without security controls…specifically cybersecurity controls.
Types of Security
Yes, as a side note—because we’ll get into in another post—there are different types of security. Cybersecurity deals with the protection of electronic systems and data from unauthorized access and use.
If that journal you’re writing is a digital file, you can’t ensure it’s privacy without security controls…the digital equivalent of hiding it in your underwear drawer (or your drawers drawer depending on your country of origin 😉).
This links privacy to security. But is security linked to privacy?
Privacy All the Way Down
I would argue—and am, right here, right now 🤣—that cybersecurity is all about privacy.
That server you’re surrounding in a firewall? You’re trying to keep the data private. Same for that database with a strong role-based access control system in place.
Yes, it’s a broader definition of privacy but I think it’s just a different value on the same scale.
The intention of the system is to serve authorized users, not just anyone.
In these cases, you’ll probably want an entire organization or a team to have access but no one else. That’s a larger scope vs. an individual but the concepts are the same.
Each control you put in place for cybersecurity whether it’s on the network, in front an entire organization, specific to an application, or encrypting a single file, it’s all about privacy too.
The Same Challenges
Security and privacy aren’t separate issues even though we treat them as such. Frankly, I’m shocked how little privacy experts talk about security and vice versa.
Both of these communities and concerns face similar challenges. Privacy and security are often afterthoughts in the digital world. This leads to efforts to preserve both being bolted on after a technology or system is already designed and built.
That always leads to poorer outcomes.
Security and privacy are a fundamental part of the fabric of our modern world. You can’t have one without the other and when you focus on building both, the result is always a stronger outcome that is better aligned with the intention of your system.
What do you think? Let me know on Twitter where I’m @marknca.