Schneier on Security
A blog covering security and security technology.
« Open-Source Software Feels Insecure |
| World War II Tunny Cryptanalysis Machine Rebuilt at Bletchley Park »
June 3, 2011
Security vs. Privacy
Daniel Solove on the security vs. privacy debate.
Posted on June 3, 2011 at 6:41 AM
• 44 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Interesting enough. For me, however, there is no "vs" in this. Privacy is part of my security requirements.
The problem here is not security or privacy, it is governmental obsession with monitoring its subjects.
I am not sure what invasions of privacy actually improve security, most are just invasions of privacy.
Warning the argument as titled is "security v privacy"
However he is actually talking about surveillance and invasive security of various forms.
Much like the term 'intellectual property' conflates copyright, patent, trademark, and trade-secret protections, I wonder if 'security' can more usefully be seen as a combination of more specific concerns.
Certainly, there's a lot of fuzzy thinking produced by treating all of the various intellectual property protections together, when indeed some of them are completely incompatible (e.g. patent and trade-secret protections). I wonder if breaking security down into significant components would help make the trade-offs and compromises clearer. As a starting point I might suggest Steven Hoober's comment from yesterday:
"secrecy (bury the bone), privacy (hide in a bush), and safety (I haven't been killed yet)"
I agree and it isnt just the title - the whole structure of the argument is as if surrendering privacy is, or isnt, justified for security.
Even in the more clarified (and IMHO better) argument Daniel Solove presents there is still the idea that security can exist without privacy:
Instead, we should ask: "Do you want the government to engage in surveillance without a warrant or probable cause?"
None of the arguments (at least as I read it) address that fact that privacy is part of security.
I think that securing the *state* is the implied objective of the security that Solove is discussing. Here privacy of individuals doesnt really count (sadly) and the only privacy the state is worried about it its own secrets.
We can see with the Wikileaks fiasco what happens when the state feels its privacy has been invaded, yet all the time individual privacy is trampled into the ground.
I think a better framing for this argument would be State Security vs Individual Privacy - but that is just semantics from a bored consultant on a quiet Friday afternoon.
I actually agree with pretty much most of what he has written, my issue is with the idea privacy can be distinct from security.
I like the example Steven Hoober came up with but I think "security" could be described as - "I am less likely to get killed tomorrow."
Security (IMHO) looks more at preventing the future risk from realising itself than the immediate things that occupy most of our day to day lives.
@Clive Actually it's:
"Security" vs. privacy
or more specifically:
Why "security" keeps winning out over privacy
It's pretty clear that he doesn't think what is being talked about is really security, but unfortunately that particular nomenclature battle doesn't seem to be going very well, which means he has to either use the predominate nomenclature and then explain why it's wrong, or have people miss the argument entirely because he uses a more accurate term that people don't recognize.
Excellent article. Thanks for the link, Bruce.
I think such intrusions into our privacy are analogous to the "camel's nose" warning. Once you've got the nose, expect a tent full of camel to follow.
Maybe it's just because I work in IT, but I definitely see security as broader than just safety or risks to future safety. A risk to privacy or the integrity of stored data seems just as much a security concern to me.
I do like the security as risk management point though, and that can apply reasonably well across all of the different aspects of security I've been talking about.
100% Privacy for the individual is part of "personal security" the flip side 0% Privacy for the individual is part of "National security".
These are but to end points on a line, or ends of a pendulums swing.
It should for a whole host of reasons never stop at either end for society would cease to exist in a meaningfull way it it did.
A further problem is that Privacy is just one dimension of "security" which in turn can be viewed as but just one dimension of a persons life.
We know that security can never be at 0% just as it can never be at 100%. So we have to settle on an exceptable risk as individuals, as members of families societies, nations and organisms on the earth.
One problem is that security is very nebulous like most concepts you cannot reach out your hand and touch it, only the physical realisation of one or more of it's implied consequences.
In fact it is so nebulous in some cultures they do not have a seperate word for it they simply lump it in with safety.
Thus splitting the various aspects and dimensions out of security will go a long way to simplifying both our understanding and our ability to manage the risks.
But to manage risk or any other aspect of existance you have to apply the "Scientific method" an essential part of which is the ability to actually be able to measure in a reliable verifiable and quatifiable way what itt is you are talking about in order that you can test it.
Which is why the oft heard expression "it will improve security" is a waste of of the breath that uttered it. Unless it comes from a purveyor of some item of little or no value in an attempt to gull a person of no little or know knowledge, they atleast might sell the little worth item for an overly inflated price.
When ever you hear it you should ask the following questions,
1, in what way?
2, and how was this measured?
3, and the measurment process is certified by whom?
There are various subsiduary questions but invariably you will discover no substance to the claim of "improved" that is credible.
Recent network security stories highlight how greater privacy also provides greater security.
The Gmail social engineering attacks can be addressed with greater privacy: install the EFF’s HTTPS Everywhere Firefox plugin and avoid doing anything on web pages that aren’t encrypted. (Except for Bruce's.) If you teach yourself to expect and look for locked encrypted SSL web pages, you’re much less likely to fall into the trap of passing personal information in the clear through port 80.
Another, better, solution is to become, as I have, a “cloud survivalist”: get your own server and host your own cloud services: email, calendering, addressing, VPN, web proxy, and everything else that you’d find in a corporate IT environment or “free” cloud accounts. This is easy and relatively inexpensive with either a Linux box or a Mac Mini Server. Again, privacy equates to security when you host your own cloud. With good practices, a decent server will have the same or better security as any corporate or “free” account, but being an extremely tiny fish the chances of being targeted are extremely low. And your account will not be scraped for personal data by GOOG, YHOO, or anyone else. And it cannot be scraped without a warrant, as can be done now for any cloud account.
The only real solution I see to attacks like this is to disperse the cloud into micro-cloudlets (water vapor?!) that only speak to each other over encrypted channels. Fragmenting the cloud, if only for greater privacy, can yield immediate security benefits.
Security is a subjective state or feeling. Check Webster's or most dictionaries. Hence the difficulty of defining metrics and measured improvement.
Privacy is the ability to choose what is exposed about the subject (you, a group, etc) when a choice is available. In some contexts, a choice is not available. So video surveillance of public places does not violate privacy in my view. But opening your mail, e-mail, etc is a violation of privacy (in this country/state). So the laws of the state determine the privacy choices available to the subject.
The connection between privacy and security deals with likelihood of violating privacy when the subject has made a permitted choice.
I think that he's on the wrong track.
The real issue is ... do YOU (the elected / appointed official) want to be the one going on record AND TAKING ALL THE BLAME if *something* happens after YOU refuse a new "security" measure?
It's more a case of "politics vs reality" than "security vs privacy".
Your point that agreeing on what needs to be measured and evaluated as a way of agreeing on security improvements is important, but I think the idea of what security IS in these discussions is perhaps even more fundamental.
I've found myself reading accounts of various proponents of 'National Security' and have become cynical enough that the closest working definition I can find to security as some of them apparently think about it is 'managing risks to my ability to maintain the position and power I have attained so far'.
@Clive: That 100% privacy is more difficult than it looks. The government isn't the only thing that can invade your privacy or threaten your security, and in order to protect you from that the government has to be able to find out some things about some people.
In regards to stolen biometric information, what is the downside to that? I thought that the point of biometrics was that everyone has access to the database already. Then they can look at your eyes, look in the database, and verify that you are the person that originally got the eyeball scan put into the database. The downside of stolen data would be that bad guys create fake eyeballs and pretend to be you, but that risk already exists in this scheme.
The risk that I see is not that someone gets read access to the database (stealing data) but that someone gets write access and changes your ID so that you are no longer recognized.
I have recently had talks with my 4yr old about what he discusses with people he meets and had to broach the notion of 'personal' and 'private.' Personal I described as information about us (Mommy had gallbladder surgery). Private is information we don't share with others outside of $GROUP...generally extended family/trusted friends (no one will be home while mommy is in surgery). And personal + private is information we keep to ourselves/immediate family circle (Mommy's surgery cost X dollars).
To extend this description into the world of "security;" at least as it pertains to the TSA. Personal is the contents of my carry on baggage for a flight, private is the photos I have on my camera in said baggage, and personal + private is my junk they are touching (and why I no longer fly). From another perspective, personal is my driving record, private is my fingerprints from that DUI in college (LEO only access please), and personal + private where I drive and when and for what purposes. Or personal (photos), private (naked photos), personal + private (biometric data).
While I agree that some levels of personal and even levels of private may need to have a certain degree of exposure to supply a given level of security, I cannot see where personal + private (outside of a warrant situation) is the business of anyone I do not personally choose to share it with; individual, corporation, state, or federal.
David: "The government isn't the only thing that can invade your privacy or threaten your security, and in order to protect you from that the government has to be able to find out some things about some people."
One can argue against this notion. It goes to the root of the question as stated in the article: Should a government be the one protecting you at all? Or otherwise stated, does government in fact provide security?
The answer is no, it doesn't. In the case of crime, it provides PUNISHMENT for those who have ALREADY violated your security. And there is a considerably excellent argument that punishment provides no benefit in terms of increased security. There are studies indicating that the level of crime in a society is pretty much directly related to the level of economic security (among other factors) rather than the pervasive presence of police forces.
In the case of things like natural disasters, again, government provides ASSISTANCE AFTER a natural disaster has messed you up. And that "assistance" frequently ends up being like the Katrina affair - i.e., little assistance at all and with onerous controls to boot.
In the case of terrorism, the government is the CAUSE of the problem! Without US policy being what it is, there would have been no 9/11. This is a simple fact beyond dispute. It is of course theoretically possible that some terrorist group might have conducted a similar operation based on just about any grievance. But the fact remains that the actual incident was caused by a group with specific grievances against the actions of the US government, not US citizens in general.
And those US government actions are not for the most part subject to the control of the US electorate, because the government has done its utmost to insure that the electorate is ignorant about the real issues. Example: Iraq. Afghanistan. And now the bogus Iran "nuclear weapons" issue.
The notion that the state is necessary to provide for a functioning society has been disproved by thousands of years and numerous societies with no state as that term is used today. Some of those societies I believe have had populations of up to eight million or more, not just small tribes in a jungle somewhere.
Not that I believe any more than anarchism can successfully organize human society. The problems of human society go deeper than ANY form of social organization, whether anarchism or statism. The problems of society originate in human nature, and can only be addressed by altering that nature.
But the presumption that the state is the source of all security is one of the most perniciously incorrect notions involved with security.
Once again for Gipper: There is no security. Suck it up.
@ Richard Steven Hack,
"There is no security. Suck it up"
You should be counciling Sony managment...
Not sure when the news actually broke or if you have heard it but... it looks like Sony have lost another million or so sets of personal details (Names, addresses, dates of birth, Email addresses and possibly CC info). Aparently it was from a service relating to registering for advance preview/info on films or some such.
"I've found myself reading accounts of various proponents of 'National Security' and have become cynical enough that the closest working definition I can find to security as some of them apparently think about it is 'managing risks to my ability to maintain the position and power I have attained so far'"
Yes it's amazing how rude some people on the 'gravy train' are they just will not give up their seats for those in need.
The sad thing is "National Security" is one of those catchalls that politicians love so much like WMD it sounds imposing, but in reality has no meaning that makes any real sense and when invoked gives a feeling of impending disaster that needs immediate and drastic action.
In reality droping your chewing gum wraper can be construed as "effecting the economic well being of the country" but in most cases a simple "can you pick that up please" is the extent of the immediate action required.
Never mind, now the 18 comments show up, was some weird glitch...
Yup. This makes I believe six times Sony has been breached. As one security researcher noted on Twitter today, "Who's the new CSO at Sony? He's obviously doing a bang up job." Of course, I can guarantee you whoever it is, he's constrained by higher management from doing anything useful, let alone effective (or efficient).
Re the current topic, I just noticed a piece on Slashdot about how identity theft is overwhelming the IRS, which is constrained by privacy laws from sharing related information with other LE agencies.
Once again, does this mean the government is being prevented from "protecting you" by privacy concerns - or is the government the CAUSE of the problem in the first place? I submit it is the latter.
In the United States, "security" will always trounce privacy and liberty because we are the "land of the sheep and the home of the terrified." We have been "One Nation Under Fear" for at least a century.
Today we eagerly surrender our privacy, liberty, and even basic human dignity for reassuring but unverifiable promises of protection against terrorism. A crowd of ovine citizens patiently (and probably gratefully) waiting shoeless between switchback ropes at a TSA checkpoint to be strip searched and patted down is the defining symbol of America in the Age of Terror. But before "9/11 changed everything" there were communists under every bed. And also Drugs, against which we remain in a state of Permanent War despite the end of the contemporaneous Cold War. And before the communists there were enemy saboteurs, including innocent citizens of German and Japanese descent. And before that there were Anarchists. It's a lengthy history of Intractable Evil Enemies, all of which indisputably justify government officials demolishing constitutional constraints that get in the way of a promised Victory. After a century of precedent, that has now become the Norm.
Fear is the defining characteristic of American society. And our Leaders are experts at exploiting it to their advantage (and not coincidentally to the advantage of well-connected campaign donors). Our Leaders also know that once a formerly-essential right has been sacrificed (often all too willingly), it's gone forever. Thus, despite Obama's campaign promises of "change" and his Nobel Prize, his approach to civil liberties and executive power differs little in practice from that of his imperial predecessor.
I'm afraid it's too late to do anything about it. Once the Legislative and Judicial branches acquiesced to Bush's assertion of unlimited war powers, the Unitary Executive became supreme. As today's "wars" are against amorphous enemies such as "Drugs," "Terror," and "Child Pornography," we will remain permanently in a state of war in which victory is neither , possible, definable, or even desirable. So the Executive's War Power is now the Supreme Law of the Land. The pendulum has swung decisively to the side of Authoritarianism, its heavy weight knocking down privacy and civil liberties in the process. And many Americans are happy about this, as they fervently Believe it will keep them safe from the Evil that besets our Homeland from inside and out.
Debating "privacy vs. security" is now pointless, and perhaps dangerously unpatriotic. "Security" may not actually keep anyone safe, but it has triumphed nonetheless.
@Richard Steven Hack: I have problems with "Should a government be the one protecting you at all?". It implies that I should have only one protector.
In fact, I do rely on the government to protect me from violent crime. Not to have a police officer follow me around like a bodyguard, but to lower the general incidence. If you live in my neighborhood and get mugged, the authorities will do nothing to get you un-mugged, but if they arrest and convict the mugger I'm a bit safer. (There's also at least one study that says that more police reduces the crime rate, and I rather think that studies on what reduces crime are generally conducted in places where there is a criminal justice system.)
In other services, the government provides a court system where I can sue anybody who illegally violates my privacy. They provide rules (called "laws") that classify some behavior as definitely wrong, and that at least hinders corporations and individuals from behaving that way.
It's far from perfect, and in fact I use a number of other methods of protecting myself, but the government is a vital part of my security. It doesn't and shouldn't provide all my security.
It's off-topic, but I'd love to hear about any society of over a hundred thousand people who lived reasonably well without a government.
And, yes, there is security, specifically there is better or worse security. There is no absolute security for me while I'm still alive. The ancient Greeks had a saying: "Call no man happy until he is dead."
@Richard Steven Hack
"Once again, does this mean the government is being prevented from "protecting you" by privacy concerns - or is the government the CAUSE of the problem in the first place? I submit it is the latter."
In that specific case, I believe it is politics again.
Simple solution - for every case that the IRS becomes aware of, the IRS should notify the victim with instructions to notify their local police who can escalate it.
Then, whichever LEO ends up dealing with it can have the victim request the relevant records from the IRS on behalf of the LEO. There. No privacy violations. No additional authority needed.
Yet the bad guys still get caught.
"The risk that I see is not that someone gets read access to the database (stealing data) but that someone gets write access and changes your ID so that you are no longer recognized"
The problems with biometrics are both many and in some cases subtal.
For instance the electronic form of a biometric record is not what you might think it is, it is usually more like a fifty bit hash in many cases.
Which on the face of it might well be the same for atleast 35000 other people in the world (ie worlds pop ~7billion over the square root of the max size of the hash value). However the chances of an even distribution in such a data set is actually quite small, not due just to the "blond hair blue eyes" issue but the poor assumptions about the base biometric differentiators.
Then there are issues over aging, illness and injury and even various types of medical intervention. A number does not change with time but all natural processes do, and in the case of biometrics often in unpredictable ways at unpredictable times.
The next issue is in what way is the biometric actually linked to your identity, which is actually a major issue for all identity systems.
How do you as an individual know that your biometric can not be substituted?
Let us say that you own a valuable item locked away in a bank etc, with the ownership title recorded against your biometric ID stored in some central Data Base. I decide I want the property what is to stop me changing the biometric ID info in the DB?
We know that changing the numbers is quite easily possible and that audit records are usually shambolic at best. At some point in time long enough for the audit records to have aged beyond reasonable recall, I go to the bank prove title and remove your property.
You go along to the bank at some point and you fail to authenticate as you, what do you do?
Sounds crazy right?
But hang with it for a moment.
Firstly whilst there are systems that could be put in place to prevent this few people understand them and they can be difficult (also read expensive) to implement securely. Banks etc are not known for their ability to implement secure systems at the best of times as the myriad of successful attacks against them have shown.
Secondly we are currently seeing business and other bank accounts being empted by methods that even just a couple of years ago most people would have said were crazy and in the realm of fantasy.
That is the malware gets into the usuall computer used for managing the account at the client end,and then malware at a very low level (drivers etc) not only alows phoney wire transfer orders to be sent but worse recognises the record of the transfer coming back from the bank and puts phony info up on the screen to hide the tracks of the criminals and buy them time.
Due to the malware working at such a low level it can effectivly do an end run around most user installed software.
So biometrics are very far from being actually usefull and in most cases there are much much better ways to do things. Worse they are unreliable at best and subject to all sorts of failure modes other systems don't suffer from.
However "politicos" just seem to love them for reasons many of us cannot understand. And in many respects they are a solution from the 1960's still looking for a problem to solve half a century later.
But biometrics aside Identity systems have real very unsolvable problems as the once head of MI5 once stated publicaly. The simple fact is you cannot prove who you are in many cases. For instance I'm old enough that my parent are very long dead and cremated as are all of those family members of that age so I have an abiguous at best DNA history. Even if you did have a good DNA history how do you link it to your bank, tax and other financial records? the simple answer is you cann't with any certainty. All ID systems suffer from this problem and it is not going to change any time soon.
If secuirty is for the individual and group and privacy is for the individual and group...Should they be different as they aren't opposite/same.
If individual has secuirty the group would have at minimul the secuirty of the individual.
If individual has privacy, at minimal the group would have the same level of privacy.
It would be hard for a individual to raise secuirty/privacy but easy for the group to raise itself by raising the individual
"1, in what way?
2, and how was this measured?
3, and the measurment process is certified by whom?"
1)Remove dep,rwx=777,alsr, well pretty much all defensive measures, and do what they do.
2)Tested with malware and exploits.
3)No breaks eclu/dmca and other laws
Will sell it cheap, but probable sell more products if I up the price 1000X
David: "In fact, I do rely on the government to protect me from violent crime. Not to have a police officer follow me around like a bodyguard, but to lower the general incidence."
But while there are studies that show more visible police presence may deter certain types of public crime, there is no evidence large numbers of police deter crime in general. Again, the only measurable effect is the level of economic security.
Far fewer people become criminals and take the risk of incarceration if they can get socially acceptable jobs at a decent wage. Once someone is poor enough and angry enough (or even just angry enough), the amount of risk is no longer relevant to controlling their behavior. This is true of terrorists as well - I know, I went through the same psychological process. Once that line is crossed, it doesn't matter how many cops you have arrayed against you.
Certainly a smaller number of people will always become criminals for psychological or neuro-physiological reasons, but mostly because current "civilized" society is extremely poor at raising infants to be functioning adults.
"If you live in my neighborhood and get mugged, the authorities will do nothing to get you un-mugged, but if they arrest and convict the mugger I'm a bit safer."
Not really. You're only safer from THAT mugger. Assuming there is a finite number of muggers in your neighborhood AND that the police can reduce that number to zero is a fallacy.
And again, there is mugging which is a crime police presence might affect, and there is burglary which is a crime much less likely to be affected by police presence by definition (because burglars are more stealthy than muggers.) If you start catching the muggers, they learn to become burglars (or car thieves, or whatever is less likely to require standing around in a dark corner where a cop might see them "lurking with intent to loom".)
In general, more police has the same effect as more US troops in Helmand in Afghanistan - the criminals (Taliban) go where the police (troops) aren't. And in most cities, there's no way to pay for enough police to cover everywhere sufficiently. And if your town is protected, the next town over isn't and your criminals go there.
In COIN, the ratio is 20 troops per 1,000 population - which basically means you need a platoon in every neighborhood. Can you see 20 police officers in every neighborhood in a US city?
It's impossible. And even if possible, it's far less efficient than altering the way society deals with people who might grow up to be criminals or how society deals with criminals once caught.
It's like capital punishment. People say it does not deter crime - and in general, it doesn't. It only deters further crimes by the person executed - which while useful does make up for the lack of other useful benefits such as restitution, rehabilitation, etc.
The problem is society has a simple-minded notion of "bad people need punishment". Never mind where the "bad people" actually come from, or how they're created, or anything else that might actually address the problem.
But in terms of your personal security, you'd be better off being trained in personal awareness, martial arts and combat handgunning and carrying a decent firearm than relying on the police to deal with muggers.
Computer security people are always touting the importance of "security awareness training" in corporations as the first line of defense. The same applies to any other kind of security - personal awareness and skill in dealing with security situations is the only security there is. Every external security aid is just that - an aid.
Privacy is PART of Security. Specifically, it's the Confidentiality portion of the CIA triad. Confidentiality, Integrity, and Availability. Traditionally, different industries tend to focus on one particular aspect of CIA as their core focus, much as service providers focus on Availability, Banks and financial institutions tend to focus on Integrity. But real Security requires a delicate balance among all three aspects of CIA and the overarching business requirements. Why don't people get this???
@Dilbert, if a software company makes a program that is 100% private(can't debug/sniff etc), that increases there secuirty..but the users max secuirty/privacy is of that software, but there min is 0%, were has the sotfware max is 100% and the min is code quialty%
If I won't privacy on the internet I won't to beable to create my own protocol etc, but also have the ablitly of not attacking or destroying how I connect to(secuirty)
Great article. Looking forward to reading his book.
Late to the party, so to summarize: false dichotomy; they may or may not even be on a continuum.
I appreciated the communication aspect of the address; it's persuasive (and somewhat informative) to the average Joe. He may not see the air quotes around "security" v privacy, but he adequately knows these are learned arguments against abuses.
I liked these points:
All or Nothing argument admits to a reductio ad absurdum: will total loss of privacy result in total safety? Prison is safe from some things, I guess.
Deference is unconstitutional: it defeats the principle of checks and balances.
Pendulum argument: In time of peace, no activity is sufficiently urgent/imperative to push the security envelope back to freedom.
War Power argument: The definition of Republic requires at least these two (check me?)
1. The supreme premier is under law (the other thing is called "positive law," and only works under a benevolent + competent tyrant.)
2. Each class is represented in Government (as in Rome.) The founding Fathers tried to add "equally." At the moment, we seem to be drifting away so far from "equal" representation, that we fail to represent poor and uneducated at all, much less "equally."
The Luddite argument: Did I correctly understand that the discussion hinged on insufficient revocation privileges? Does it matter how/why it would fail? The rhetoric to which our freedom falls isn't about revocation privileges. The author has adequately identified that we fall to an accusation of "Luddite!" Answer the rhetoric, without failing to provide revocation privileges in the solution.
Dr. Solove has done the heavy lifting of distilling many abstracts into language we can now fight over. I, for one, am grateful.
Now I just wish the stupid java app/competency test, didn't prevent me from forwarding the link to my "nothing to hide" Dad :-(
The CIA triad although still very valid is as we are finding, a little bit simplistic these days (a little like Newtons three laws of motion).
It is realy a philosophical discussion but you have to ask yourself is privacy a subset of security or security a subset of privacy, or are they two separate sets with a large union?
The CIA triad is a child of the 1960's along with various other security notions which gave rise to the likes of the Bell-LaPadula "write up, read down" Multi Level Security (MLS) model back in the heady days of computer security of the early 70's.
It was only with the later concept of Originator Control (ORCON) which came about due to networks that the notions of privacy started to show their different colours from confidentiality.
The late 1980's and early 1990's that gave rise to the birth of the public Internet started privacy research within computer security, and it was this that gave rise to the notion of Privacy Enhancing Technology (PET) in the late 1990's.
On thing to note is that computer vulnerabilites are now actually worse than they were in the 1970's, and that all the attacks the 1970's "Tiger Teams" came up with still work just as well if not better today.
"... false dichotomy; they may or may not even be on a continuum ..."
Personaly I don't think they are, they apear to have elements in common, but then they also have differences. and it is the differences that make the difference as it were.
"I appreciated the communication aspect of the address; it's persuasive (and somewhat informative) to the average Joe. He may not see the air quotes around "security" v privacy, but he adequately knows these are learned arguments against abuses"
Yes I think it is directed at a less learned audiance than some of the people that hang out here and other security related blogs.
However there is the "unlearned journalist" problem in that others will read and regurgitate parts in their own words and disseminate, and in the process cause both confusion and conflation in peoples minds (I've been guilty of simmilar with the use of "online" and "offline" when talking of using crypto, I forgot the more common meaning would cause confusion).
"will total loss of privacy result in tota safety? Prison is safe from some things, I guess"
Absolutly not, and from what I've been told you are less safe in prison even in solitary confinment than you are on most streets. However I'll leet Richard Steven Hack comment on that as he has studied this area more than I have.
"Deference is unconstitutional: it defeats the principle of checks and balances"
In a constitutional monarchy there is the doctrim of the "crown" being above all else and hence government can inherit "crown immunity" on the presuposition that "the crown cannot sue the crown". However most places where crown immunity was once strong have weakened it.
My personal belief is nobody and I mean nobody is above the law or judgment by their peers at any time.
However this in now way means I am anti monarchist, having the notion of a crown above both the legislature (but not the law) and the executive is useful as the powers can be effectivly devolved to a "revising house" which can be used to stand in judgment over both the executive and the legislature (unfortunatly in the UK Tony Blair mucked up a system that had evolved sensibly over a thousand year just for his own vanity).
"Pendulum argument: In time of peace, no activity is sufficiently urgent/imperative to push the security envelope back to freedom
This might as well be called "the accumulation of power argument" as was once observed at some point all democracies become corrupt and needs to be clensed with the blood of revolution.
Personaly I'm against revolution for many reasons but when you have a parasite firmly entrenched sometimes you have no choice but to exercise it with an appropriate weapon.
"War Power argument: The definition of Republic requires at least these two (check me?
1. The supreme premier is under law (the other thing is called "positive law," and only works under a benevolent + competent tyrant.
2. Each class is represented in Government (as in Rome.) The founding Fathers tried to add"equally."
It's not the definition of just a "republic" it covers most hierarchical forms of government that alows fair voting for all (adults).
"At the moment, we seem to be drifting away so far from "equal" representation, that we fail to represent poor and uneducated at all, much less "equally."
The US fails as a representanive Govenment simply because it excludes whole classes of people such as supposed or rehabilitated criminals, those who did not wish to fight a war and many others to numerous to mention.
Also you don't have a "one person one vote" system, the strange system of electoral colleges etc baffles most non Americans and I suspect a goodly number of Americans. And has been seen the "representative" may not vote in a way that represents the views of those who voted for them.
Whilst I would agree that "first past the post" voting is not ideal it is marginaly less prone to political croniesm and patronage than other "supposadly" more repsentational systems.
Saddly politicos being "bought or gulled" by vested interest is far from new and politicians having the right to select their colleagues on what are essentialy enquires into misconduct does not bode well for an honest process.
However I'm not sure the alternatives are realy any less prone to manipulation if we have elected representatives (which is not democracy to start off with).
"The Luddite argument: Did I correctly understand that the discussion hinged on insufficient revocation privileges?"
It kind of reads that way.
"Does it matter how/why it would fail?"
Only if you had the intent of correcting it.
"The rhetoric to which our freedom falls isn't about revocation privileges."
Agreed, but the two arguments politicos love are
1, If you knew what I know but cann't tell you.
2, The complexitise of the subject requires the opinion of a recognised expert in the field.
Both give them the oportunity for you to have any say.
"Absolutly not, and from what I've been told you are less safe in prison even in solitary confinment than you are on most streets. However I'll let Richard Steven Hack comment on that as he has studied this area more than I have."
Yup. Although in solitary confinement, you're mostly at threat from the guards if for some reason they want to go crazy on you.
Back in 1995 IIRC, there were riots in several Federal BOP facilities. I spoke with a fellow inmate who showed me legal papers filed over the treatment of inmates at one facility during those riots. These inmates were in "The Hole" at the time of the riots and had nothing to do with them. But the "hacks" - Horse's Asses Carrying Keys, as they're known - no relation to me :-) - came through The Hole, cuffed the prisoners, then maced them in the face, dragged them out of their cells, threw them down stairs, beat them, picked them up and slammed their heads against walls, then made them lie motionless in their blood, faeces, and vomit for eight hours under pain of further beatings if they moved.
And they videotaped this. While the warden watched.
The tapes were subpoenaed by the inmates legal aid attorneys and sent to the FBI for analysis. After the FBI got through with them, they were worthless for evidence, and the report indicated most of the guards were in riot masks so no one could identify anyone involved.
With no proof except their medical injuries, the inmates were advised to settle out of court for a pittance.
Now you know where Abu Ghraib originated.
There was another case in Oklahoma City Federal Transfer Center (I went through there at one point) which involved one Kenneth Michael Trentadue. Look that one up in Wikipedia or Google. An apparent deliberate murder by two guards, both of whom later transferred to other LE duties without penalty IIRC.
I myself only got pushed around a few times during my years incarcerated. I avoided confrontations with both inmates and guards as much as possible. Still, I'd definitely say I feel safer on the street, even walking around at 2 AM in the Tenderloin here in San Francisco, than I did in prison.
Although I WAS mugged once many years ago by some bozo with a knife - if I'd been armed, he would have been in big trouble (and I probably would have been, too, once I shot him.) The rule of law is you can't shoot someone fleeing from a criminal act perpetrated on you (unless you're a cop, then you can kill half the town to get the guy). Although I do NOT believe in capital punishment (or any punishment, really), personally I think you should be allowed to kill anyone who even punches you in the face. ANY attack on you is potentially fatal and it does you no good after you're dead if the guy gets convicted of "involuntary manslaughter".
But the distinction is irrelevant. No place is "safe". When I say there is no security, I mean it. The only "security" is how you deal with what happens to you.
@Richard Steven Hack: Your remarks (based on experience) truly call into doubt the TSA's apparent belief that aviation can be secured by making airports as much like prisons as possible (at least for passengers who walk the front door). They want us to believe that treating passengers like convicted felons by imposing arbitrary restrictions, subjecting them to humiliating body searches, and arbitrarily confiscating belongings will keep them safe from terrorism.
But even people who haven't been incarcerated are aware that prisons are neither safe nor secure places. Despite the lack of freedom and privacy (things that supposedly create vulnerability to crime and terrorism), violent attacks occur regularly. And contraband is freely available despite the humiliating searches and arbitrary confiscation. The TSA's earnest attempts to turn airports into "secure" prisons should be anything but reassuring to passengers who willingly surrender their rights in exchange for "security."
Very late to thread and it would seem that most is already said. The only thing I have to add is that the idiot who tried to break in to my place on Friday now has his security seriously compromised by invading my privacy and also needs to fear for his safety if ever he tries again.
"Far fewer people become criminals and take the risk of incarceration if they can get socially acceptable jobs at a decent wage."
I agree with you 100% here, but I think we may differ on how this is "forced" upon companies.
Most, if not all, companies appear to operate with a mindset that is ultimately self defeating. They want to pay their workers the minimum wage they can get away with paying. Sometimes, in some industries, this is an acceptable living wage but often it is not. Given the choice, companies will always (or at least "almost always") opt to pay larger share dividends and increase executive salaries before anything else.
In my mind, one of the ways in which the Government can act to improve my safety is by forcing all businesses to meet minimum wage standards which allow people to live.
Frustratingly, this is actually significantly better for businesses (in general) as this means more working people have more money to spend, so more goes back into the system. More people who can afford to live normal lives, means less crime and anti-social behaviour. Everyone is better off.
The problem is that the benefit does not accrue to those who suffer the cost. In reality, workers can be pressed very hard, because there are always more to be found. The side effects of low wages will never impact the rich and powerful but the reduced dividends will....
Even later to the thread, but i have always found it interesting that our first privacy law in the US, the fourth amendment, uses the term secure: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures...
So in the founders view, privacy is security. How we have strayed.
@Richard Steven Hack: Once more I have problems with what looks to me like an "all-or-nothing" attitude. Yes, there are a finite number of criminals in my neighborhood, or who are willing and able to get to my neighborhood to commit crimes. No, the police certainly aren't going to get all of them. However, every one they do get increases my security a bit.
There is no perfect security for anybody who's still alive. Don't even try to get it. There are greater and lesser degrees of security. If event X is sufficiently unlikely that it will very probably never affect me (such as terrorists on airplanes even with pre-2001 security), that's fine. Something will get me sometime anyway.
Viewing from the privileged seats (right amount of melanin, good income, socially correct sexual preferences, etc.), it seems to me that there's fewer riots and assassinations among the less privileged than I'd expect. Still, my self-interest is served by giving everybody access to good education, medical care, etc. It reduces the number of criminals and increases the number of targets.
When it comes to networked computers, you can't have privacy unless you have security first. Any attacker who can run arbitrary code on your computer with admin privs ipso facto can read all your files. You can use all the 4096-bit encryption you want: they can still read your files as soon as you do.
So if you want data privacy, you have to establish network security first. It's a prerequisite.
When it comes to networked computers, you can't have privacy unless you have security first. Any attacker who can run arbitrary code on your computer with admin privs ipso facto can read all your files. You can use all the 4096-bit encryption you want: they can still read your files as soon as you do.
Made me think of this surrogatus device project I saw today (at surrogatus.sourceforge.net).
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.