Security vs. Safety vs. Privacy vs. Anonymity

The recent horrific terrorist attacks in Paris have brought to the fore the ongoing discussion about privacy versus national security and personal safety. An article on the front page of the November 18, 2015 Wall Street Journal by Siobhan Hughes, “Attacks To Fuel Spying Debate,” discusses the issue of government surveillance and the problems that encryption brings to attempts to predict and foil attacks.

Two days later, on November 20, WSJ reporters Danny Yadron, Alistair Barr and Dalsuke Wakabayashi wrote a piece: “Attacks Fan Encryption Debate: Paris assaults prompt renewed government push for Silicon Valley to open up systems.” This article contained an absurd statement. It was from the Information Technology Industry Council (ITI), see, whose members include Apple, Google, Facebook and Microsoft, and read as follows:

“Weakening security with the aim of strengthening security simply does not make sense.”

Of course it doesn’t make sense. That’s not because the underlying concept is senseless, but because of ITI’s use of words, which serve to confuse the argument. What they should have said is that weakening secrecy to strengthen personal safety (and national security), while maintaining privacy, is a worthwhile goal.

The basic encryption argument is that citizens want to protect their information and that their privacy should be respected. Yes, that makes sense. But note that here we are not talking about protecting nonpublic personal information (NPPI) or personally identifiable information (PII), such as Social Security numbers and dates of birth, but about keeping actions and activities secret. So let’s not call it data privacy, but say what it is, namely secrecy. Should we be able to keep secrets? Absolutely.  But what about protecting secrets relating to committing crimes, terrorist acts, and subversion? The real issue is how to distinguish between the two types of secret without infringing upon citizens’ privacy rights. That isn’t easy to do … and we’re not there yet by any means. But we need to work on it as a top priority.

This brings us to the “strengthening security” part of ITI’s statement. The “security” they are referring to here seems to me to be “national security,” which isn’t so much about security per se as it is about protecting personal safety and freedoms while not infringing on citizens’ rights to privacy.

In a front-page article in the November 20, 2015 New York Times with the long title: “A Rattled Europe Tilts Toward Bolder Security, Starting a Rights Debate: Measures Taken by France and Belgium Raise Concerns for Civil Liberties,” Steven Erlanger and Kimoko De Freytas-Tamura report on these countries’ moving “to put new security measures in place and alter their legal and constitutional structures to give government more flexibility in dealing with threats.” This at a time when the U.S. is moving in the opposite direction, namely, restricting government from gaining access to potentially incriminating information in a move to preserve privacy. This is achieved by using strong encryption and by not forcing companies to build back doors into their systems.

This might all appear to be well and good, until you read the article “China to Build Secure Smartphones” by Eva Dou and Juro Osawa in the November 21-22, 2015 issue of The Wall Street Journal. Here we read that “China is seeking to make its own secure smartphones , in an attempt to insulate its handsets from U.S. surveillance.” There is a lot of discussion in the article about various initiatives in securing smartphones by using domestic technology, but there is no mention about whether or not the Chinese  government will build in back doors for its own use.

Now back to the original discussion … Despite ITI’s assertions, it makes perfect sense to discuss the pros and cons of giving up some ability for individuals to keep secrets (which is not the same as giving up control over personal information) in order to enhance national security, thereby protecting law-abiding citizens from potential physical harm and abuse.

We have all heard assertions by CEOs of major ITI members about the importance of data privacy while at the same time they are harvesting truckloads of data (per second) about their customers’ activities. We also see that those who are most vociferous about the threats of government surveillance do not discuss persons’ posting their own personal information and images that are many times more revealing … and potentially much more dangerous.

Post a Comment

Your email is never published nor shared. Required fields are marked *