Socrates Was Wrong: How Far Is Privacy on the Decline?

Electronic data processing? Fine with me! Since  more than 30 years now our personal data are being processed electronically - we all got used to it and do not think a lot about it any more. But we should: the risk has changed. Computing concepts of the 70ies have mostly disappeared and today's data guards are not trusted civil servants in a mainframe environment any more. They often are low-paid (though smart and capable!) employees, be it for reasons of cost cutting in IT operations or for concentration on the core business where IT is just a side issue. Simultaneously, data storage capacities have grown immensely in the last 10 years such that today it is extremely simple to carry away gigabytes of valuable data in your pocket. This combination of low salaries, high value data (literally at the guards' fingertips) and expert knowledge has created a huge risk, and the say of ancient Greek Socrates that guards are protected by a noble lie does not hold any more: Today they are not protected at all! It already happened. Stolen data being bought by governments for millions sounds like an espionage story, but in 2008 it visibly happened when Germany took a new approach to fight tax evasion. Also the US put up a lot of pressure against Swiss banking offshore models, and traditional laws could not be combined with law enforcement requirements in the digital world. Telecommunications data got stolen and partly published, blackmail approaches were launched, business models abandoned, legal backdoors sought and found. The damage went into the millions and got life threatening for some of the involved parties; others stumbled and fell. Who guards the guards? But the main trend remained unbroken: More and more data are becoming available to more and more low-paid persons. The problem is not with technical IT security any more but with Socrates' question of "Who guards the guards?"
It is now time to properly address this challenge and come to a more holistic approach to information security, covering areas such as international harmonization of criminal laws, better appreciation of the economic value of personal data, understanding each others' cultural background on privacy and creating interoperable standards and regulations. There are a number of options for next steps in a global information environment, but all of them would require us to take information security more serious and not treat it as a technical matter or an exotic infrastructure issue alone.