Can Security and Privacy Co-exist?

Benjamin Franklin famously wrote: “Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety.” A follow-up question to Franklin would likely be: But is privacy an essential liberty?

It’s a debate so widely discussed, and yet so fundamentally misunderstood. On bumper stickers across the US, especially in the sprawling, landlocked red states, the verdict is already written. ‘Freedom isn’t free’, the slogan says.

What the soundbite highlights is the ongoing tussle between privacy and security. How much of one do you have to relinquish for the other?

False Dichotomy

Bruce Schneier wants to reframe the debate. He has pointed to those, often in national security positions, who treat privacy versus security as a zero-sum game: to have more of one, they argue, you must have less of the other.

“We’ve been told we have to trade off security and privacy so often – in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric – that most of us don’t even question the fundamental dichotomy. But it’s a false one”, Schneier has said in the past.

Why? Why should we not give up some basic privacy so we can feel safer? And what about other common arguments, such as the idea that if you’ve nothing to hide, giving up your privacy is a small price to pay for feeling protected?

One of the first problems lies with definition. There are various interpretations and definitions for security, one of which is that it is based on identity, explains David Fewer, director of the Canadian Internet Policy and Public Interest Clinic. “When you base security on identity, you have to survey someone all the time, which is an incredibly inefficient paradigm unless you just build it into the system”, he observes.

A more appropriate approach might be to concentrate on infrastructure rather than identity, he argues, using air travel as an example.

“The last time I looked, all of the focus was on the passenger side of the plane, with very little on the infrastructure side, in terms of how planes function”, Fewer says, arguing that securing cockpit doors has achieved more in terms of security than all of the secure watch lists and other identity-focused activity.

The Economics of Privacy

There is another common misconception in modern definitions of both security and privacy, warns Kim Taipale, founder and executive director of the Stilwell Center for Advanced Studies in Science and Technology Policy. People still think about both terms as though they live in an analog world, without understanding the implications of moving to a digital one. “The transition is the problem, and it’s this that people haven’t figured out how to deal with”, he says.

In years gone by, privacy was protected by the inefficiencies of our communication technologies. “The friction of finding out information about someone in the old world was sufficient to protect your privacy”, Taipale explains. There was a fundamental trade-off between surveillance and economics, because it took more work to obtain information.

These days, surveillance can be done cheaply. And it carries other problems, he warns. During the Cold War, surveillance could be targeted at a particular individual. “Today, even if you know who the bad guy is, the problem with digital technology is that there isn’t a single wire to tap”, Taipale says. “If I tap a switch, then by definition I will see everyone’s communication.”

Moreover, in analog days, it was easier to observe patterns of behavior that might indicate a security risk. In the digital world, such patterns are all online. “It means that you have to surveil all of the good guys too, looking for anomalies and suspicious activity”, he continues. In a digital world, it is difficult to watch a single person without surveilling everyone.

Necessary and Proper?

Does this mean that we have to adopt the kind of Total Information Awareness-style measures that we have seen in the US, Canada, and the UK? Governments certainly seem to think so.

Legislation introduced since September 2001 has increasingly focused on gathering as much information as possible. The USA PATRIOT Act is one example. In Canada, the government has made dark threats about lawful access legislation that would make it possible to obtain information about internet users without seeking a warrant. Privacy legislation in The Great White North is also being adjusted to allow larger loopholes for information sharing agreements that do not need to be explicitly legislated in a way that is accountable to the public.

Needless to say, privacy advocates are increasingly nervous about such measures. “We are very against warrantless wiretapping. These are deeply embedded systems used to obtain information”, comments Amie Stepanovich, counsel at the Electronic Privacy Information Center (EPIC). “When you bypass those systems, it creates huge opportunities for abuse.”

What drives legislation toward more extreme measures? David Fewer argues that legislators are driven by a realpolitik, in which political actions focus on real-world outcomes rather than abstract ideologies. Lawmakers ask for everything, with the understanding that they’ll have to compromise something on their wish list.

How do we establish a more moderate debate in which both sides can find a middle ground? Fewer proposes a system of checks and balances and accountability, in which people understand how surveillance systems are being used.

“The flip side to this is to ask ‘why are you asking for these powers? How are you unable to do your job now? Why are the bad guys getting away because you lack power?’ We don’t have that body of evidence”, he argues.

This leads to the ‘nothing to hide’ argument. The average person may argue that, if they are not one of the bad guys, then they will not mind giving up some privacy so they can be protected from malicious elements in society. Stepanovich disagrees with this line of thought.

“You still don’t want everyone to know everything about you”, she says. “If someone has a cancer scare or knows someone with one, and they search for information about that online, do you really want an insurance company getting hold of that information, if it causes you harm?”

An even more serious example is the case of Maher Arar, a telecommunications engineer with dual Syrian and Canadian citizenship. Arar was detained by the US government as a terrorist suspect, before being sent to Syria, where he was tortured.

Arar was not associated with terrorist groups, and was exonerated by a Canadian inquiry after the fact, although the US still refuses to remove him from its watchlist. This highlights how even those with nothing to hide can fall victim to misguided conclusions formed by institutions that believe their information is accurate.

Mutual Benefits

But a new understanding of security that focuses on infrastructure while protecting privacy may also be appropriate. If we abandon the idea that privacy and security are opposing forces in a zero-sum game, and instead embrace the idea that one can support the other, we may get further ahead. Alessandro Acquisti, associate professor at Carnegie Mellon University, says that the technology already exists to support these concepts.

“For the last 20 years or so, we have developed technologies such as blind signatures and anonymous credentials. There is a stream of research based on cryptography that shows how we can get the best of both worlds”, he contends. “We can protect ourselves while sharing certain data. You can authenticate transactions without identifying individuals.”

So, instead of using identifiers such as Social Security numbers, which Acquisti’s research has already shown are predictable, it is possible to use other credentials that prove things about an individual without revealing who they are. Such proposals mirror some of the suggestions made by identity guru Kim Cameron in his work on the laws of identity.
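The “authenticate transactions without identifying individuals” idea above, shown as an added example that is not from the article or from Acquisti’s or Cameron’s work: a textbook RSA blind signature (Chaum’s construction) in Python. The issuer signs a blinded value, the user removes the blinding, and the result is an ordinary signature on a credential the issuer never saw, so presenting it later cannot be linked back to the issuing session. The two Mersenne primes, the hashed-token message, the `ISSUER_LOG` record and all function names are this example’s own assumptions, and the key is demonstration-only.

```python
"""RSA blind signature (Chaum): a credential the issuer can verify but cannot link to a person.

Added example, not code from the article; key material is demonstration-only."""
import hashlib
import secrets
from math import gcd
from typing import Dict, Tuple

# Demonstration RSA key from two Mersenne primes (2^127 - 1, 2^107 - 1). Real primes, but
# far too small and too structured for anything beyond this illustration.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent

ISSUER_LOG = []   # everything the issuer ever sees (constructed for the demonstration)


def credential_digest(token: bytes) -> int:
    """Map the user's secret credential token to an integer m < N (simplified full-domain hash)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N


def blind(m: int) -> Tuple[int, int]:
    """User: multiply m by r^e for a random r so the issuer sees only a random-looking number."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (m * pow(r, E, N)) % N, r


def issuer_sign(blinded: int) -> int:
    """Issuer: apply the private key to whatever arrives; m itself never reaches the issuer."""
    ISSUER_LOG.append(blinded)
    return pow(blinded, D, N)


def unblind(blinded_sig: int, r: int) -> int:
    """User: (m * r^e)^d * r^-1 = m^d mod N, an ordinary RSA signature on m."""
    return (blinded_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    """Any verifier (including the issuer) checks the credential with the public key alone."""
    return pow(sig, E, N) == m


def issue_and_verify(token: bytes) -> Dict[str, object]:
    """Full round trip. Returns what each party ends up knowing, for inspection."""
    m = credential_digest(token)
    blinded, r = blind(m)
    sig = unblind(issuer_sign(blinded), r)
    return {
        "message": m,
        "signature": sig,
        "valid": verify(m, sig),
        # The issuer's records hold only blinded values: the presented (m, sig) pair
        # cannot be matched back to the issuing session.
        "linkable_to_issuance": m in ISSUER_LOG or sig in ISSUER_LOG,
    }


if __name__ == "__main__":
    print(issue_and_verify(b"constructed-token-001"))
```

The property worth noticing is that the issuer checks the same signature it produced and still cannot tell which signing request it came from; in a real anonymous-credential system the message would carry the attributes being proven (age over 18, valid ticket) rather than a bare token, and the hash-to-integer step would be a proper full-domain hash.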

Homomorphic encryption technologies can help in this area, Acquisti says. This technology, which allows encrypted data to be analyzed without being decrypted, can be used to protect information while acting on it. It could be used, for example, to compare an individual’s data against a set of records without the party doing the comparison ever learning what that data is, or who the individual is.
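The comparison described above, as an added example that is not from the article or from Acquisti’s work: a Paillier cryptosystem (additively homomorphic) in Python, used for a private match of one hidden value against a server’s cleartext records. The server receives only Enc(v), computes Enc(k·(v − x)) for each record x with a fresh random mask k, and the client decrypts to learn only which records matched (0 on a match, an unpredictable value otherwise); the server never sees v. The Mersenne-prime key, the record list and the function names are this example’s own assumptions, and the key is demonstration-only.

```python
"""Additively homomorphic (Paillier) matching of a hidden value against cleartext records.

Added example, not code from the article. Key material is demonstration-only."""
import secrets
from math import gcd
from typing import List

# Two Mersenne primes (2^127 - 1 and 2^107 - 1): real primes, chosen so the example is
# deterministic and offline, but far too small and structured for real use.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q                # public modulus
N2 = N * N               # ciphertext modulus
G = N + 1                # standard generator choice; makes decryption a cheap division
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)   # private: lcm(p - 1, q - 1)
MU = pow(LAM, -1, N)                           # private: equals L(g^lam mod n^2)^-1 when g = n + 1


def encrypt(m: int) -> int:
    """Paillier encryption: Enc(m) = g^m * r^n mod n^2, with a fresh random r per call."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            break
    return (pow(G, m % N, N2) * pow(r, N, N2)) % N2


def decrypt(c: int) -> int:
    """Paillier decryption: m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    u = pow(c, LAM, N2)
    return ((u - 1) // N * MU) % N


def add(c1: int, c2: int) -> int:
    """Enc(a) * Enc(b) = Enc(a + b): addition performed on ciphertexts."""
    return (c1 * c2) % N2


def scale(c: int, k: int) -> int:
    """Enc(a)^k = Enc(k * a): multiplication by a scalar the operator knows."""
    return pow(c, k, N2)


def server_match(encrypted_value: int, records: List[int]) -> List[int]:
    """Server side. Holds the record set in clear but sees only Enc(v).

    For each record x it returns Enc(k * (v - x)) with a fresh random k, which
    decrypts to 0 exactly when v == x and to an unpredictable value otherwise.
    """
    results = []
    for x in records:
        diff = add(encrypted_value, encrypt((-x) % N))  # Enc(v) * Enc(-x) = Enc(v - x)
        k = secrets.randbelow(N - 1) + 1                # nonzero mask hides v - x on a mismatch
        results.append(scale(diff, k))
    return results


def private_lookup(value: int, records: List[int]) -> List[bool]:
    """Client side round trip: encrypt v, let the server compare, decrypt only the verdicts."""
    replies = server_match(encrypt(value), records)
    return [decrypt(c) == 0 for c in replies]


if __name__ == "__main__":
    # Constructed sample: the server's records stand in for hashed identifiers.
    print(private_lookup(42, [7, 42, 99]))   # [False, True, False]
```

In practice the records and the queried value would be fixed-length digests of identifiers rather than small integers, and a deployment that must also hide which record matched would shuffle the replies before returning them.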

Technology solutions, however, are only one part of the problem. Perhaps the more complex issue centers around politics and economics. “The protocols themselves work. They are already out there”, Acquisti confirms. “The devil is in the detail.”

Retrofitting existing systems in areas such as finance and national security requires not only considerable investment, but also powerful political will, along with an understanding of technology. For the most part, politicians seem to have a hard time understanding the nuances of the technology that they are proposing (or vetoing).

Unfortunately, legislators seem hell-bent on fracturing the concept of privacy and security, offsetting one against the other. This can lead society down dark paths, toward totalitarianism and the police state. The experiences of people such as Mr Arar and others like him suggest that privacy may actually be a supporting tenet of security, rather than something that erodes it.

The danger is that once privacy has been eroded, it is very difficult to get it back, and once the systems designed to erode it have been installed, they are hard to revoke.

Setting proper benchmarks for privacy might be a start, but even here, the legislation is being eroded. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) that serves as a national benchmark for privacy best practice is being altered to allow more warrantless access and sharing of Canadians’ information. A cross-border information sharing initiative with the US is also in the final stages of negotiation.

It is up to policymakers to conduct a deeper dive into these issues, rather than pandering to shallow and simplistic slogans, such as “freedom isn’t free”.

What’s Hot on Infosecurity Magazine?