No this isn’t a reference to the start of the Lord of the Rings Trilogy, but that could be fun.
There is a difference between ‘how can we make this safer’ and ‘is this safe’.
The first carries with it the assumption that whatever ‘this’ is, it is part of something bigger that has been deemed to be correct, wise, or the way to go. While the second, is asking the question about the bigger.
So when our information and security (InfoSec) teams conduct security audits, data protection audits, privacy impact assessments, they answering the first question. They are looking at technology and systems and figuring out ways for us to use them in the safest way possible. This can be a complex biometric system or a simple data collection tool. As one InfoSec person told me, “tell me what system you want to use and I’ll secure it for you.”
When teams and organisations debate whether or not they should even be collecting biometrics or using artificial intelligence at all or in certain contexts, they are answering the second question. These debates tend to ask what the purpose is, who benefits (and who doesn’t), where the harms lies, what our assumptions are, our theory of change, our beliefs about technology, and how all of this fits with our organisational, cultural, and personal values and beliefs.
We need to be asking both questions, not just one.