Abstract

Security and privacy are often seen as opposite, irreconcilable goals. Privacy advocates and security hawks cling to rigid viewpoints, fighting each other in an ageing trench war. As a result, measures to increase our security scorn our privacy, and privacy enhancing technologies do very little to address legitimate security concerns. Revocable privacy aims to bridge the two sides of the debate and break the status quo. Revocable privacy is a design principle (including the necessary toolbox) to build information systems that balance security and privacy needs. The underlying principle is to design a system that guarantees the privacy of its users, unless a user violates a predefined rule. In that case, (personal) information will be released. Laws and regulations by themselves are insufficient: they can be changed or sidestepped later on. That is why the principle of “code as code” is taken as the point of departure: the rules and regulations must be hard-wired into the architecture of the system itself.