Escrowed Data and the Digital Envelope

As computers continue to permeate all aspects of our lives, there is a growing tension between the requirements of societal security and individual privacy. Societal security encompasses all ways in which we try to make the world more secure, including transport security, financial security, infrastructure security, etc. A prime mechanism for achieving this security involves collecting quantities of data about individuals, for example via ISP logs, mobile phone logs, ticketing systems, and banking systems. As a result, massive databases about every aspect of our lives are being collected by organisations in all the major industrial sectors (financial, transport, retail, telecom, internet, and health care). These data collection has an impact on individual privacy. The unprecedented longevity, searchability, and especially the composability from different sources of these records imply a radical reduction in the level of individual privacy we can expect to enjoy over the coming decades. Numerous reports have documented this impact and its detrimental consequences to society’s well-being (e.g., in the UK, [3, 2]). There is no easy solution to this problem, because the security uses of the data are too important to be denied. Their use in crime detection is an example. About 440,000 requests by the police, local authorities and other permitted organisations to monitor telephone calls, emails and text messages were made in a 15 month period in 2005-06 in the UK [3, pp.32-33]. The “Intercept Modernisation Programme” is a UK Government initiative to centralise electronic communications traffic data in the UK in a single database [5, 8]. In another example, the UK intelligence agencies MI5 and MI6 have have sought full automated access to Transport for London’s ‘Oyster’ smartcard database [10]. Debate about balancing security and privacy is taking place at all levels of society [9, 3, 2, 4, 1, 7], and will likely continue for many more years.