Surveillance, Privacy and the Law of Requisite Variety

  • Vasilios Katos
  • Frank Stowell
  • Peter Bednar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6514)


In both the academic literature and in the media there have been concerns expressed about the level of surveillance technologies used to facilitate security and its effect upon privacy. Government policies in the USA and the UK are continuing to increase surveillance technologies to counteract perceived terrorist threats. Reflecting upon Ashby’s Law of Requisite Variety, the authors conclude that these policies will not meet espoused ends and investigate an alternative strategy for policy making. The authors develop a methodology by drawing on an isomorphy of concepts from the discipline of Macroeconomics. This proposal is achieved by considering security and privacy as economic goods, where surveillance is seen as security technologies serving ID management and privacy is considered as being supported by ID assurance solutions. As the means of exploring the relationship between surveillance and privacy in terms of the proposed methodology, the authors use scenarios from a public report commissioned by the UK Government. The result of this exercise suggests that the proposed methodology could be a valuable tool for decision making at a strategic and aggregate level.


Ashby’s Law of Requisite Variety Systems Macroeconomics Surveillance Security Privacy 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ashby, W.R.: Design for a Brain. Halstead Press, New York (1960)CrossRefzbMATHGoogle Scholar
  2. 2.
    Beer, S.: Brain of the Firm, 2nd edn. Wiley, Chichester (1981)Google Scholar
  3. 3.
    Westin, A.F.: The 1996 Equifax-Harris Consumer Privacy Survey. Equifax Inc., Atlanta (1996)Google Scholar
  4. 4.
    Williams, M.: The Total Information Awareness Project Lives On (2006),
  5. 5.
    Brunk, B.: Understanding the Privacy Space. First Monday 7(10) (2002),
  6. 6.
    Klopfer, P., Rubenstein, D.: The Concept Privacy and its Biological Basis. Journal of Social Issues 33, 22–41 (1977)CrossRefGoogle Scholar
  7. 7.
    Odlyzko, A.: Privacy, Economics, and Price Discrimination on the Internet. In: ACM, Fifth International Conference on Electronic Commerce, pp. 355–366 (2003)Google Scholar
  8. 8.
    Westin, A.: Privacy and Freedom. Atheneum, New York (1967)Google Scholar
  9. 9.
    House of Lords, European Union Committee.: The Passenger Name Record (PNR) Framework Decision, 15th Report of Sessions 2007-08, London, the Stationary Office Limited (2008)Google Scholar
  10. 10.
    Danezis, G., Wittneben, B.: The Economics of Mass Surveillance and the Questionable Value of Anonymous Communications. In: Fifth Workshop on the Economics of Information Security (2006)Google Scholar
  11. 11.
    Crosby, J.: Challenges and Opportunities in Identity Assurance, HM Treasury (2008),
  12. 12.
    Schlicht, E.: Isolation and Aggregation in Economics. Springer, New York (1985)CrossRefzbMATHGoogle Scholar
  13. 13.
    Information Technology Association of America: Identity Management: Building Trust, Mitigating Risks, Balancing Rights. White Paper (2005),
  14. 14.
    BBC: Brown apologises for records loss (2007),
  15. 15.
    Collins, T.: HMRC’s Missing Child Benefit CDs - What Went Wrong and Lessons for NPfIT and ID cards. Computer Weekly (2007),
  16. 16.
    Wang, R.Y., Allen, T.J., Harris, W., Madnick, S.E.: An Information Product Approach for Total Information Awareness. MIT Sloan Working Paper No. 4407-02; CISL No. 2002-15 (November 2002),
  17. 17.
    Straub, D.W.: Effective IS Security: An Empirical Study. Information Systems Research 1(3), 255–276 (1990)CrossRefGoogle Scholar
  18. 18.
    Lucas, H., Olson, M.: The Impact of Information Technology On Organizational Flexibility. IOMS: Information Systems Working Papers, New York University, IS-93-49 (1993)Google Scholar
  19. 19.
    Wang, L., Wijesekera, D., Jajodia, S.: Cardinality-based inference control in data cubes. Journal of Computer Security 12(5), 655–692 (2004)CrossRefGoogle Scholar
  20. 20.
    Sweeney, L.: k-anonymity: A Model for Protecting Privacy. International Journal on Uncertainty, Fuzziness and Knowledge-Based Systems 10(5), 557–570 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Bishop, M.: Computer Security: Art and Science. Addison-Wesley, New York (2002)Google Scholar
  22. 22.
    Katos, V., Patel, A.: A Partial Equilibrium View on Security and Privacy. Information Management & Computer Security 16(1), 74–83 (2008)CrossRefGoogle Scholar
  23. 23.
    Inness, J.: Privacy, Intimacy and Isolation. Oxford University Press, Oxford (1992)Google Scholar
  24. 24.
    Branson, W.H., Litvack, J.M.: Macroeconomics, 2nd edn. Harper & Row, New York (1981)Google Scholar
  25. 25.
    Dornbush, R., Fischer, S.: Macroeconomics, 7th edn. McGraw-Hill, New York (1998)Google Scholar
  26. 26.
    Grossklags, J., Acquisti, A.: When 25 cents is too much: An experiment on willingness-to-sell and willingness-to-protect personal information. In: Proc. of the 6th Workshop on Economics and Information Security, Pittsburgh, USA (2007)Google Scholar
  27. 27.
    Schoderbek, P.P., Schoderbek, C.G., Kefalas, A.G.: Management Systems: Conceptual Considerations, Irwin, Boston (1990)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Vasilios Katos
    • 1
  • Frank Stowell
    • 2
  • Peter Bednar
    • 2
    • 3
  1. 1.Department of Electrical and Computer EngineeringDemocritus University of ThraceGreece
  2. 2.Information Systems Research Group School of ComputingUniversity of PortsmouthUK
  3. 3.Department of InformaticsLund UniversitySweden

Personalised recommendations