Cyber Security vs. Data Privacy: Differences, Challenges and Way Forward

Cybersecurity: In 2013 the entire world was taken over by a storm when Edward Snowden, a contractor working for the national security Agency of the USA revealed the extent of the surveillance program undertaken by the NSA. The revelations were unprecedented and unheard of in modern times. It was like some hi-fi science fiction stuff happening in reality.

NSA had been undertaking a massive program where it scrutinized almost every bit of data generated in the cyber domain on the pretext of warding off threats. No one was spared, starting, from a foreign embassy to government offices, servers of giant internet organizations like Microsoft, Google, Facebook all came under the radar of NSA.

After the dust settled down it ensued a massive debate over how ethical were the actions undertaken by NSA? It evoked a mixed response. While some government agencies and their security apparatus defended the program stating that it was essential for global security while on the other hand civil society, internet service providers, netizens decided the actions as a threat to their privacy and immediately asked NSA to put a stop to their program.

image: Cyber Security vs. Data Privacy: Differences, Challenges and Way Forward
image: Cyber Security vs. Data Privacy

Debate over Security vs Privacy:

The debate over security vs privacy is a complex one and has no single-piece answer. In the early 90’s Tim Berner Lee a computer scientist pioneered the concept of the world wide web (www) and it’s unarguably the single most important change that technology and fields of communication have ever seen. It made the nation of distance and physical barriers absurd. Everyone now was within the reach of a click of a button. The people quickly adopted this technology and today more than 5 billion people are connected 24×7 with each other.

Concept of e-governance:

The paradigm shift in technology also led to the overhaul of government processes. The concept of e-governance emerged and all the works got shifted to the internet. Soon banking operations, stock market, currency exchange were taking place through the internet. Despite its growth, in the earlier days, the use was for mostly official purposes.

Another Epoch:

However, another epoch-making event took place with the launch of google search, mail services, social media platforms like Facebook, Twitter. The internet also spread to mobile phones which got transformed into smartphones and tablets. All the above led to a virtual world concept where you could be offline but you will be 24×7 online through your e-mail account, social media, and bank account. Thus along with a physical body one also had a ‘virtual body’ one could communicate, share ideas get educated without revealing his own identity.

Cyberspace emerged as a global common. It was the most democratic platform the world had ever seen. It became highly decentralized without any single authority regulating it.

However, as with any other technology, this also had a flip side to it and the world didn’t have to wait longer to see the dangerous aspect of it. The whole concept of security and threat got redefined. Earlier one had to make physical contact with someone to harm but now one could launch a massive attack in a country from the comfort of his room.

Data stealing:

It soon led to the development of bugs, malware viruses, etc to infect and damage, the computer system of an individual or government agencies. Hacking, defacing of government websites stealing of data became common. With most of the world’s critical infrastructure in the form of banking, stock market, nuclear plant, hydel power plant, being online one could cause irreparable damage to these systems without revealing the identity.

A grave incident that brought the concept of cybersecurity to the limelight was when US and Israel attacked an Iranian nuclear power plant with the Stuxnet virus.

Rise of Cyber-Terrorism:

The technology was widely used by terrorist organizations planning and coordinating their attack in a much effective manner. It was a boon for them and they increasingly employed it to their advantage. The world which was already coping with these militants had to brace up for a new challenge. Their activities further spawned other nefarious elements in the form of drug trafficking, recruiting militants, black money, extortion, etc.

Emergence of Cybersecurity:

Thus the need to secure cyberspace was urgently felt and it led to the emergence of ‘cybersecurity’ under which government agencies monitor and regulate the internet traffic coming in and going out of their countries to track decode and decipher messages which could lead to a potential attack in the future.

Now looking at previous arguments it seems clear that if cyberspace is to function as a secure environment the strengthening of cybersecurity infrastructure has to take place. However, the real question is how much of it should be there and the hour it should be undertaken. Because there is essentially a trade-off between increasing cybersecurity and one’s privacy in the digital world.

Imagine your daily activities being watched over by some third person and that too without your information. The person has complete knowledge of your food habits, likes, dislikes. financial transactions, confidential information, etc. Wouldn’t it make someone uneasy? The ‘Big Brother is Watching you’ effect would definitely affect the manner in which we go about doing our business. We would be constantly living under the fear of being monitored or even arrested for even innocuous activities.

Regulate the Web: The thin line between

So we have to draw a line somewhere because over-regulation undermines the very spirit of the internet. The first step in this regard would be fixing the accountability of security agencies who undertake such surveillance activities. If they are tracking someone then preferably he/she should be informed at the and of day/month about the information being scrutinized.

Second, these agencies do not generally function under the legislation and therefore their working is opaque and clouded in mystery. A proper law delineating the mandate of these agencies and having a multistakeholder approach to these regulations would be the key. Ideally, representatives of civil societies, internet agencies, lawmakers, and the government should brainstorm and chalk out a plan that protects the interests of both netizens and the country.

Software and social media firms like Microsoft, Facebook, Twitter should also be made accountable for any leak of data or sharing of information with the security agencies. They should also come out with stricter encryption standards and more research and development should be undertaken in this regard.

It should also be followed by educating the public about various cybersecurity threats. It’s commonly seen that people don’t logout from their social media accounts or use weak passwords everywhere or install software from spurious websites. According to a report by Kaspersky Lab which specializes in anti-virus, India is one of the biggest victims of cyberattacks, and with the growth in the number of laptops and penetration of the internet in the rural area, the danger will substantially increase.

The activists for privacy should also realize that having a strong cybersecurity framework ultimately benefits people and protects their privacy rather than threatening it for example a responsible security agency would not manually read email communication or chat but if the security is less them many anti-social elements on the internet would hack into the privacy of an individual.


Thus, both proponents and opponents have to relent from their existing ‘no-compromise stand and strive for a transparent, accountable, democratic cybersecurity architecture. This will settle the conflict between security and privacy and would ward off threats to cyberspace.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.