#RSAC: The Positives and Pitfalls of Surveillance

A panel of security experts at RSA Conference 2015 today debated the ethics of surveillance by governments and corporations, and explored the various uses and abuses of spying and mass data collection.

Asked if privacy must inherently be sacrificed in the quest for security, for example when information is required by governments in counter-terrorism operations, Resilient Systems CTO Bruce Schneier argued that “we don’t feel secure in a police state.”

Both privacy and surveillance are complex terms, he said, with multi-faceted, context-driven implications.

Several panelists raised the point that proper ‘checks and balances’ must be in place to ensure that certain groups’ ability to enact mass surveillance does not result in rights abuses.

Morgan Marquis-Boire, senior researcher at Citizen Lab, University of Toronto, said that, “Blanket surveillance is viewed as the cornerstone of police states and prone to rights abuses by the people that control it. As well as preventing threats it does quell dissent. Therein lies my worry. I would like to be secure but I would also like to feel I wasn’t being watched all the time. Therein lies the dichotomy we face today.”

Beau Woods, founder and CEO of Stratigos, countered that this debate would be couched in very different terms in other parts of the world: “You would get different answers to this debate in Asia. They look more at the quality of the information than the quantity of the information.”

The power for surveillance cannot be “asymmetrical” if it is to be deployed ethically, said Yahoo CISO Alex Stamos: “When all the information flows one way that’s when it gets dangerous.”

An example of something approaching ‘symmetrical’ surveillance, moderator Davi Ottenheimer offered, is ‘cop cams’ that record the activities of police officers so that abuses of power can be tracked. Schneier, despite being a privacy advocate, said that he was “grudgingly in favor of [cop cams] for now.”

He continued: “You have to think about power balances. Surveillance increases [a government’s] power. You have a greater differential. That’s bad for liberty. Forced openness in people decreases power. What we need to do as technologists is empower the not powerful. That is inherently what we want. We want to slow down some of the totalitarian uses of technology and speed up some of the technology that allows personal privacy.”

Marquis-Boire concurred that “technology access is a power amplifier.”

Woods also proffered examples of how data collection could be used by governments for beneficial reasons, such as in developing countries, where information about crop yield and agricultural conditions in remote regions could be relayed back to central government, giving “an almost real-time visibility into poor and under-served nations.” This could be instrumental in speeding up the fight against poverty.

The key question, Woods said, is “How can technology be given to the powerless to enable them without giving away privacy?”

The answers to these concerns go beyond the domain of the technological, the panel agreed. There was some consensus that information security can feel like a bubble at times – with greater need for outreach beyond its borders.

One audience question put to the panel was over the role of the individual in influencing the privacy debate at a higher level.

“These are political questions,” Schneier said. “These will become issues only if we make them issues. Social change takes a long time.”

Stamos, meanwhile, argued that security should be so deeply ingrained in products and technology going forward that it shouldn’t have to enter the mindset of average users.

“We need to make it so that the user doesn’t need to know anything,” he said. “If the user needs to know something to keep themselves safe then you have failed as a product designer.”

The panel also discussed mass data aggregation by enterprises. While Schneier expressed concern about what the likes of Google, Facebook and others are doing with our personal data, Marquis-Boire argued that “We should not conflate the stuff we consent to because we get a service for free with [government] stuff where we have no idea what’s going on.”

Schneier is “not convinced” that users of services like Google are truly in a “consensual” relationship with the service provider when it comes to how their data is used.
