Tuesday, February 5, 2013
Legal scholarship tends to conflate privacy and security. However, security and privacy can, and should, be treated as distinct concerns. Privacy discourse involves difficult normative decisions about competing claims to legitimate access to, use of, and alteration of information. It is about selecting among different philosophies, and choosing how various rights and entitlements ought to be ordered. Security implements those choices – it intermediates between information and privacy selections. This Article argues separating privacy from security has important practical consequences. Security failings should be penalized more readily, and more heavily, than privacy ones, because there are no competing moral claims to resolve, and because security flaws make all parties worse off. Currently, security flaws are penalized too rarely, and privacy ones too readily. The Article closes with a set of policy questions highlighted by the privacy versus security distinction that deserve further research.