Comments

Julien Couvreur September 14, 2015 5:18 PM

Is it accurate to say you consider privacy just a subset of security concerns?

Both involve assets, threats and mitigations. Both types of threats can be subjected to the same approach (enumeration, evaluation, mitigation).
As a side note, in my experience, the main difference I found is that privacy threats are often not spelled out as clearly as most security threats.

Wael September 14, 2015 5:27 PM

On a first pass: Interesting cartoon. A bit inaccurate. Security does encompass “privacy preservation”. If the outside fence were labeled “intrusion detection/prevention” and the house “guards” were labeled “privacy”, then it would be more precise. Speaking of fences brings back old memories 🙂

On a second pass: It’s a more profound cartoon depicting government agents providing “security” at the expense of “privacy” (removing the “privacy wood planks” to build a “security fence” with those planks!) If you also notice, not all the privacy planks are being used for the “Security” fence. I guess the words of Mr. Franklin: “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety” apply here.

Dirk Praet September 14, 2015 7:35 PM

I think the cartoon would have been more accurate if the privacy planks would have been used to build a fence around some government building like the one the FISC is at.

rgaff September 14, 2015 7:53 PM

@Dirk Praet

I agree on accuracy… but then the comic becomes more about “the government is leaving us out in the cold and just protecting itself by destroying everyone” instead of “hey, I think we were a lot safer the way things were before you made us so naked…”

If accuracy were the main thing in a comic, we would have photographs, not comics…. comics are about what message do you want to portray.

rgaff September 14, 2015 8:06 PM

@Dirk Praet

Put another way, your suggestion becomes about the government deliberately attacking its citizens… whereas his way it’s more about the citizens being duped (whether deliberate or accidental is not really commented upon, and left for thinkers to think about later, like us here)

r September 14, 2015 10:19 PM

They’re not just removing the exterior walls, one of the guys in the back right has a hand saw and is cutting a gd wall joist.

And remember, that security fence is ‘curtilage’. The security it provides is merely a function of paper and film.

Wael September 14, 2015 10:45 PM

Another inaccuracy: the guy cutting the joist should be replaced by the parents’ imbecile children. You know, publishing every little thing to the entire world …

Russtopia September 14, 2015 11:06 PM

I feel the symmetry would be better if the guy on the left side of the house, instead of having a crowbar, was holding a hammer ambiguously, like the other man on the right side, which could either be pulling a plank away, or adding it back — are they just shuffling boards from the house to the fence, and vice-versa? Is there any net change? (Software is like that, every change might add security or diminish it, or both…)

It’s almost an M.C. Escher piece if interpreted that way. What’s the difference between security and privacy? Is it just a quibble about where the fence/wall is — around the home, or around the property?

rgaff September 15, 2015 12:21 AM

bah.. you guys still aren’t getting it… the government is tearing down the house of privacy, and using the pieces to build a dinky ineffective fence of security… yet the occupants were far far more safe and secure before with an actual house, than with no house and just a short fence around them…

We don’t get security by destroying privacy. The two work hand in hand together. If you destroy privacy trying to bolster security, you naturally end up with neither as a result. This is what Ben Franklin’s famous quote means.

rgaff September 15, 2015 12:30 AM

This cartoon is basically arguing against everyone who keeps saying the phrase “balance between security and privacy”… the word “balance” means that as one goes up, the other naturally goes down… THIS IS NOT REALITY… The reality is that when privacy goes down, security also goes down with it… there is no “balance”… they are not opposites. Instead, one is a dependency on the other.

Wael September 15, 2015 1:31 AM

Analyzing political cartoons…

Recognize the tools[1] Clay Bennet used to convey his point of view.

[1] I’m not talking about the hammer, the crowbar, and the saw, btw! But I would be curious what they represent 😉

Here are a couple of hints

grumpie September 15, 2015 2:33 AM

We don’t get security by destroying privacy. The two work hand in hand together.

Security is paranoia by default thus an insider is almost the biggest threat. If no one is to be trusted then there can not be a fense called customer privacy around lalaland by default because everything’s has a little blackbox your customers can’t touch in the name of security.

rgaff September 15, 2015 2:47 AM

@ Wael

Good point. The “privacy house” is exaggeratedly small, I would surmise meaning that our privacy was already ridiculously small even before the government started trying to take the rest of it down under pretense of building “better” security that’s worse…

Thoth September 15, 2015 2:55 AM

@Bruce Schneier
Security should be split in-between a Hive-mind Security, a Hive Security and an Ant Security. We can see Hive-Mind as the leadership level protection where the idea is to protect the integrity and safety of a leadership which in turns is assumed to protect the Hive. Hive protection is regarded as protecting everything and everyone. Ant protection is self-defense on an individual scale. We can see the idea of National Security in the current context where Govts use the terms of National Security to gag people or remove dissent as a Hive-Mind protection whereas the people use circumvention and security technology from an Ant protection view.

Wael September 15, 2015 10:51 AM

Ok: here is my take:

Eight people, dressed in the same uniform — symbolizing that they are conformist authoritarians that don’t question the marching order of the day, even when the outcome of their work is clear as daylight.

The house is void of any furniture or any object that requires “privacy”. The only two entities inside the house are a man and a woman, apparently a married couple, middle aged, middle class. Apparently also intelligent. The look on their face is that of surprise, confusion, and descent. As if to say: what are you morons doing, think about the result of your actions! It also symbolizes that the object is invasion of privacy (to see what the couple are doing, since there are no other objects in the house)

Noteworthy points:

1- The morons executing government orders of eroding the privacy of citizens (the ones in the cartoon are not terrorists, btw) don’t question the orders. This is symbolized by the autonomous way they are acting.

2- The workers aren’t talking to each other. They are walking and working like thoughtless zombies.

3- The occupants of the house are doing nothing but look in shock and descent. They see what’s going on and are not acting to prevent it. The message is: You gotta do something about it, otherwise your house (country) will collapse. This is the inevitable result of the actions taking place in the picture.

4- Even if the security fence (the perimeter, in security parlance) is perfect and accomplishes its job, the residents of the house will be left without a dwelling! They’ll be living in an open area surrounded by a fence (to protect them from what the government sees as a threat, but leave them open to other threats, such as the elements of nature)

5- It’s not clear whether there are enough material in the house to complete building the “security” fence, which, by the way, doesn’t look formidable, but that’s debatable. The message is: Even if you erode all privacy, you may not be able to achieve the “security” the government wants.

6- The tools used may represent the power of the government forcing its viewpoints. The crowbar is a symbol of ____, the hammer is a symbol of ____ … I don’t know what the tools represent, but they can possibly represent the misuse of the three branches of government (which are supposed to be independent — they aren’t in this picture, but I could be wrong)

7- Governments don’t understand security and uses stupid analogies (such as balance between security and privacy) to justify their destructive actions.

Overall message: don’t just look surprised. Don’t even attempt to talk to the morons executing the orders, they are nothing but thoughtless, order-following conformist simpletons — you need to take it to the higher-ups… In other words, don’t be action-less like the couple in the house.

Of course, I could be wrong! But I am sure Bruce can summarize it in two words: Security Theatre 🙂

As they say, a picture is worth a thousand words (or two)

Wael September 15, 2015 11:19 AM

A few more points…

1- Privacy is symbolized by a house. It’s a basic human right. Destroying privacy is tantamount to destroying a basic human right such as the house. Privacy could also be the shelter provided by the house.

2- The house and the fence belong to the tax-paying citizens. But someone else saw it fit to take the liberty of messing with the structure.

… There is a lot more to say, but I don’t want to read too much into it 🙂

Clive Robinson September 15, 2015 12:11 PM

@ Wael,

In your point four, you forgot to mention that the loss of not just walls but roof, will leave the couple to not just the ravages of the environment but also to any drone somebody choses to send over.

Speaking of drones… In the UK a court has decided that a man who flew his drone over Buck Palace and a couple of football stadiums is guilty of “reckless endangerment”. It will be interesting to see what his sentance will be (sadly ‘life + eternity in purgatory’ is apparently against his human rights 🙁

Wael September 15, 2015 12:34 PM

@Clive Robinson,

Regarding drones: Right on!

As for the drone flying person: I wouldn’t suppose one of these would help him out of purgatory? 😉

rgaff September 15, 2015 1:10 PM

Privacy is the foundation upon which security is built.

Tell me, what’s the “balance” between a foundation and a wall built upon it? Do you get more wall the more you take away the foundation?

Bruce himself has said this wrong many many times, I’d love to hear his answer to this or somehow convince him of the error of his ways… 🙁

Nick P September 15, 2015 2:33 PM

@ Wael, rgaff

No need to go that far: integrity and accountability are the foundation. The mechanism, whatever it is, must work without defect or subversion. From there, it might protect confidentiality. For computers, this is trusted computing base (TCB) of the system. For society, it’s a responsible media, voting integrity, and imprisonment for dirty officials. Everything else is built on top of high-integrity mechanisms.

There’s a secrecy side to it with obfuscation to protect integrity but it has same goal. And you still have to know the obfuscation does what it’s supposed to. Right back to integrity. Even the confidentiality-obsessed people behind Orange Book eventually realized how critical this property was.

rgaff September 15, 2015 3:12 PM

My reasoning is that the more government rips away (and the more we let them rip away) fundamental human rights of the population, such as the right to privacy, the more the government ends up naturally having less and less boundaries as to what they can and can’t invade against the people. For example, only a “general warrant” necessary, or perhaps even no “warrant” at all. Government will always expand to do everything we limit it to, so if we just keep removing the very limits that we fundamentally need, it will eventually do everything heinous there is… even, eventually, hauling off ever larger portions of the population to gas chambers (or some equally horrifying Godwin’s equivalent)!!! This is our guaranteed future with the course we’re on.

So the general population NEEDS privacy, as a buffer or protection against overzealousness in the government itself, let alone from other evil members of the population trying to do them harm as well. The government CANNOT EVER… in a million years… ever be TRUSTED with ever-closer-to-omniscient intelligence or ever-closer-to-omnipotent powers… it must be strictly LIMITED forever instead. So, privacy of the general population is one requirement of many (or a fundamental building block, or a foundational element) of the general population having any security at all…. from the government itself.

Wael September 15, 2015 3:21 PM

@Nick P, @rgaff,

No need to go that far

You’re probably right, the classic foundation is CIA 🙂
Confidentiality, Integrity, and Availability.

Paul M September 16, 2015 10:01 AM

I think it was Mr Schneier who articulate the difference between private and secret, which I’ll steal and paraphrase

there are things you do in private (e.g. go to the toilet) the existence of which is not secret (everybody knows everyone does it).

there are things you keep secret (e.g. your bank details) the existence of which is not secret (most people have a bank account)

there are things you keep secret, and the existence of those things is also secret (your subscription to dolphin pr0n monthly).

David September 16, 2015 2:49 PM

Sorry Bruce, the dl.dropboxusercontent.com domain is blacklisted here at work. Don’t you practice good security? (yes, sarcasm…)

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.