In a forthcoming paper, I argue that security and privacy issues differ in important ways that are typically neglected by both scholars and courts. If you’re in Chicago at the end of the week, you can hear me drone on about the piece on a panel on cybercrime at a symposium at Northwestern University School of Law run by the Journal of Criminal Law and Criminology. (It runs from 10:30am – 4:30pm, with a reception afterwards. NwU is at 375 E. Chicago Avenue, and the symposium is in Lincoln Hall, Levy Mayer 104.) Hope to see you there! Here’s the abstract:
Legal scholarship tends to conflate privacy and security. However, security and privacy can, and should, be treated as distinct concerns. Privacy discourse involves difficult normative decisions about competing claims to legitimate access to, use of, and alteration of information. It is about selecting among different philosophies, and choosing how various rights and entitlements ought to be ordered. Security implements those choices – it intermediates between information and privacy selections. This Article argues separating privacy from security has important practical consequences. Security failings should be penalized more readily, and more heavily, than privacy ones, because there are no competing moral claims to resolve, and because security flaws make all parties worse off. Currently, security flaws are penalized too rarely, and privacy ones too readily. The Article closes with a set of policy questions highlighted by the privacy versus security distinction that deserve further research.