September 2004 Editorial
The amount of information that can be collected about a person (not just name, age, address, Social Security number, but shopping behavior, travel plans, eating habits, reading preferences and the like) is simply staggering. We have built ways of collecting such information, and the means of storing, analyzing and profiting from that information, that would turn the marketers of just 20 years ago green with envy. As if that weren't enough, we are proposing, planning and working on systems that will individually identify everybody by fingerprint, for passports and national identity cards, and by face, for crowd recognition technology, if not by iris scan, à la Minority Report. Companies can plant programs in people's computers that govern the ads they're served, and even record keystrokes as people enter personal data on Web site forms. And while most people, when asked, will insist they care about their privacy, those same people are perfectly willing to provide all kinds of personal data to which companies can attach detailed behavioral preferences, then share, trade and sell that knowledge to just about anyone who wants it.
How do you, as CIOs and the technologists who help plan, build, run and profit from such systems, feel about all this? In conducting this month's CIO Insight research on security and privacy, we asked CIOs whether they believed there was even such a thing as privacy anymore (see page 77). Almost a third said no. And while about 90 percent of companies have formal policies covering the privacy of the employee and customer data they collect, only about half of companies say they have a policy for informing customers if any of their data is stolen. Is that adequate?
It may be that what seems to be a gradual loss of privacy (of our right, among other things, to keep all our personal information, behavior and preferences mentioned above to ourselves, under the assumption that it isn't anyone else's business) is the inevitable result of the rapid improvement in the very information systems it is the job of CIOs to plan and operate. And as Eric Nee notes in his column this month, we are developing new technologies, such as RFID and advanced analytical systems, that carry with them the potential to intrude even further into people's lives (see page 27). As with any form of scientific progress, whose responsibility is it to make sure the power of these new technologies is not abused?