Striking a balance between privacy and security is a difficult problem for any industry, but it has become especially challenging for universities in the wake of multiple instances of campus violence over the last few years.
It’s easy to assume that privacy and security are inherently at odds with one another, but Lisa Ho (pictured), campus privacy officer at the University of California at Berkeley, believes that you do not necessarily have to sacrifice one for the other. She provided her perspective on students’ need for privacy at the university in a conversation with Jeff Frick, co-host of theCUBE, SiliconANGLE Media’s mobile video studio.
Ho was attending a Data Privacy Day event held Thursday by the National Cyber Security Alliance at the San Francisco headquarters of Twitter Inc., a sponsor of the event. Data Privacy Day is an annual celebration to recognize the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty concerning privacy and data protection.
This is one of a series of interviews the CUBE conducted at the conference with top executives and thought leaders in data privacy and security. More interviews will run in coming days.
Ho said the university needs to address privacy issues because they’re at the heart of whether students succeed. “What kind of feedback you get, what kind of critical evaluation—those need to be done in an area where you have the privacy to not have a reputation that you need to live up to or to live down,” Ho said. And in academic research as well, she said, “creativity requires time to develop and freedom for taking risks.”
Asked how UC Berkeley balances privacy and security for students, Ho said the university does not actually view the two concepts as opposites. “I don’t want to create a false dichotomy of it’s either privacy or it’s security,” Ho said. “That’s not the frame of mind that we want to be in because it’s important to have both.”
Ho noted that security is a necessary component of privacy, whether it is systems such as two-factor authentication, network segmentation or others. She acknowledged, however, that there are certain areas of security that can conflict with privacy, particularly when it comes to monitoring for potential threats. However, Ho argued that these areas are where concern for privacy becomes even more important.
When developing new systems for monitoring, Ho said that it is important to ask questions not only about how that data is intended to be used, but also how it might be used in other use cases. For example, what would happen if that data is requested by a subpoena? What if the data were stolen by a hacker?
Ho also said that the entire design of the monitoring systems should be questioned before they are implemented, and institutions should ask whether there are alternative solutions that could provide the same value. Most important, she said that every action concerning privacy should be open information to the community being monitored: “Keeping transparent about it and keeping accountable to what you’re doing are really the key.”
Another growing privacy issue concerns the wealth of data being gathered on student performance, both in academics and athletics. Ho conceded that this is murky territory that has yet to be resolved.
“Who owns that [data]?” Ho said. “Is it the student, is it the university, is it the company that we work with to provide monitoring the analytics on that?” She added that these questions will continue to be important, especially as such data is used in commercial settings where students might not realize what their data is being used for.
In today’s data-drenched world, it might be easy to lose hope that students could retain any kind of privacy. But Ho said it’s still worth fighting for. “The kind of idea that privacy is dead is only true if we don’t care about it anymore,” she said. “If we care about it and we pay attention to it, then privacy is not dead.”