Post September 11th Security concerns: the threat to Internet Privacy

Karen McCullagh


Cain postulates that prior to 11 September 2001, discussions about privacy regulation focused almost exclusively on uses of personal information in e-commerce transactions. However, post September 11th, attention is centered upon issues of national and international security. (Cain, 2002, p.32) Indeed, post-September 11th security concerns have led to the formulation of a range of legislative measures, which promote surveillance and data retention and have culminated in restricted data protection and privacy safeguards for users of ICT. This paper seeks to examine whether the privacy invading surveillance and data retention measures are proportionate to the security threat posed?

Privacy: This paper begins by examining various concepts and functions of privacy. It is argued that the Internet does not create new privacy issues rather, it makes issues such as confidentiality, authentication and integrity of the personal information and correspondence transmitted more difficult to control and secure. It explores the positive attributes of privacy and outlines why it is vital in a liberal, democratic society. This leads us to the question of what level of privacy is acceptable to the majority of the populace? Under what circumstances surveillance may be permitted, or even considered desirable? It is suggested that neither total privacy nor a total loss of privacy are desirable, and indeed that citizens are willing to trade-off their right to privacy in certain limited circumstances. In the process of examining under what conditions, if any, may privacy be invaded, the issue of whom should regulate privacy? and what controls are needed to regulate privacy? are explored.

Surveillance: Moreover, there are major concerns about the opportunity the Internet provides for mass surveillance by governmental organizations and law enforcement bodies both at a national and international level. This necessitates an exploration of the concept of surveillance, the role played by ICT in surveillance and the functions served by surveillance. The aim is to determine whether privacy and surveillance are at opposite ends of the spectrum? Does the general populace accept and support the need for surveillance? Under what circumstances should surveillance be permitted/desirable? For example, are people willing to accept a trade-off of personal information for services/funding they require? Are there surveillance practices which are not acceptable, for example those which the individual does not have knowledge of, or has not consented to? It is suggested that anonymity is not a panacea for online privacy protection.

Security: This merits an exploration of the implications of using ICT to promote security and investigates whether privacy and security are necessarily at the opposite ends of the spectrum? It is postulated that the balance between security and privacy has never been static, shifting in favour of security when faced with significant threats to public safety and national security. In concurrence with Cavoukian it is asserted that caution must be exercised to ensure that the legislative measures restricting privacy and fostering data retention and surveillance are proportionate to the security risk posed to society. (Cavoukain, 2002, p.15). Furthermore, it is submitted that privacy and security are necessarily interrelated and interdependent. Therefore neither principle should ever be applied to the exclusion of the other, as they are both essential tenets of a liberal democratic society.

Data retention: This leads to an exploration of legislative measures authorizing data retention? What function does it serve? Are current legislative measures for protecting privacy and permitting data retention adequate and effective? Do data retention techniques guarantee the security of society? It is submitted that the security ‘intelligence’ failure of the September 11th attack was a failure of existing techniques of data analysis and information sharing. It is suggested that new legislative measures regarding data retention may not improve future security. Rather law enforcement agencies may be overwhelmed by the volume and complexity of information available, and lack the funding and expertise to analyse such data.

Conclusion: It is submitted that privacy and security are necessarily interrelated and interdependent. Therefore neither principle should ever be applied to the exclusion of the other, as they are both essential tenets of a liberal democratic society. Instead, caution must be exercised in order to ensure that the perceived security threat does not cause the pendulum to swing too far in favour of surveillance and data retention, at the expense of privacy. Serious threats and implications posed to society by surveillance must never be ignored, and must be traded off against their benefits in each and every instance. Nevertheless, the monitoring of greater volumes of communication from an increased number of sources would not necessarily increase security. Government intelligence agencies already possess sufficient powers to allow them to conduct surveillance of potential terrorists. They need to refine those techniques, rather than seek an extension of their powers. Likewise, granting of such powers to public bodies would be disproportionate to the security risk involved. Such public bodies do not have the expertise to monitor such information accurately and sensitively. The result could well be an unwarranted and unjustified invasion of individual privacy rights. Therefore, citizens should regularly question the merit of legislation and technology. Indeed, citizens must be ever vigilant of the inherent risks and dangers posed by such technology and must never place too much confidence in the self-restraint of any institution or government.


Cain, R. M. [2002] “Global Privacy Concerns and Regulation – Is the United States a World Apart?” International Review of Law Computers & Technology, Vol. 26, No. 1 p. 32

Cavoukain, A. cited in Dresner, M. [2002] “Privacy vs Public Safety” Privacy Law & Business: Data Protection & Privacy Information Worldwide p. 15