SEATTLE, Washington -- If Sept. 11 really changed everything, it has not been apparent over the last two days, as Internet security and privacy policy wonks met here to sort out the contradictions between the two.
Several dozen industry and government representatives from throughout the developed world have been talking about the conflicts between Internet privacy and security. For the most part, they argued that there really is no contradiction between the two at all.
"The real issue is not 'privacy versus security, period but privacy versus security, question mark,'" said Andrew Konstantaras, executive director of the Internet Law and Policy Forum, which has organized conferences on the subject annually for the past seven years. "Is the struggle between security and privacy a zero-sum game or are they two sides of the same coin?"
ILPF members are information industry heavyweights like AOL Time-Warner, Oracle, Fujitsu and British Telecom.
While the national cyber-security plan was being unveiled in Palo Alto on Wednesday to largely lukewarm reviews for its lack of specific recommendations, speakers at the ILPF conference were generally supportive of an industry-led approach to handling security on the Internet, as embodied in the draft policy.
Stuart Baker, a partner in the law firm of Steptoe & Johnson, said three bad ideas had been dropped from the draft policy: calling for Internet Service Providers to be responsible for the security of the content of their customers' hard drives; making corporate boards of directors directly responsible for their company's security and privacy arrangements; and the creation of a single centralized Network Operating Center for network operating centers making up the Internet backbone.
At panels on Internet privacy policies, speakers said one principal problem is how different countries and cultures approach policies to protect privacy on the Internet. While the United States tends to treat government collection of personal information with suspicion while trusting the private sector to deal with data collecting and privacy policies, in Europe the balance is largely reversed.
Europe has been leading the world in e-privacy regulation, said Christopher Kuner, a Brussels-based attorney who has served on a number of international agencies dealing with the issue. With 15 member countries following the EU Commission's directives on the subject, and at least three other European nations following suit, he said, their policies effectively cover one tenth of all the countries of the world, and approximately one sixth of the wired ones.
Toshihiro Ozaki, of IBM Japana, said a debate is going on now in their national legislature, the Diet, on whether to go in the U.S. or the European direction.
"We all know how Japanese are very good at imitation, so they have adopted both," he said.
Like Japan, to some degree, Canada has taken a middle road between Europe's strongly regulatory tact and the United States' laissez-faire attitude. Suzanne Morin, a senior attorney for Bell Canada, and co-author of the Canadian Privacy Law Handbook, said her country has tried to strike a balance between a "light-handed" self-regulatory approach to protecting private information, and adopting a set of specific rules of acceptable privacy policies.
Canada's Personal Information and Electronic Documents Act gives individuals the right to know why organizations are collecting information and how they plan to use or share it. Canada also has a Privacy Commissioner who can intervene to settle disputes between individuals and organizations.
