Privacy and Security: A False Dichotomy
Published by Hanno Kaiser October 8th, 2006 in CultureBruce Schneier recently led a discussion about privacy and security at the USC Center on Public Diplomacy as part of a speaker series organized by Cory Doctorow. Here is the podcast, which doesn’t disappoint. Schneier’s position with respect to security has no particular ideological bent, after all, he is in the business of selling security. But he’s a committed pragmatist who always asks “what works, and at what cost.” Schneier makes a number of critically important points, including:
- The only useful measures to actually increase airplane security since 9/11 are reinforced cockpit doors, sky marshals, and passengers knowing that they will have to fight back.
- We are only focusing on one threat at a time. In the past, there was the threat from government. (A defining theme since the American Revolution.) Today, it’s terrorism. And in the process of fighting terrorism, we are dismantling the protections against other threats — including government abuse.
Schneier’s most important point is that the current identification-based security paradigm is deeply flawed. Identification-based security relies on the assumption that we can
- Create a complete and accurate list of dangerous people, for example, a no-fly list; and that
- Armed with that list, we can track dangerous people, and if need be stop them from carrying out whatever bad acts they might be contemplating.
What’s wrong with that idea? First, we don’t know which observable characteristics are reasonable proxies for the intent to commit bad acts. Past offenses? Frequent travels to Afghanistan and Pakistan? Sharing a name with a known terrorist? Maybe, but all of these criteria are vastly overinclusive and don’t provide much guidance as to who should be on that list. (Of course, the potential for abuse of such a system is simply breathtaking.) Second, even if we had a way of identifying potentially dangerous individuals, we would have no way of telling when they are about to commit bad acts. Third, identification-based security requires wholesale surveillance of millions of people, and that’s what puts ID-based security directly at odds with privacy. And here is the critically important point: Only ID-based security is directly at odds with privacy. Security measures that are not based on identification usually enhance, not diminish privacy, for example locks, doors, fences, walls, etc. Why do we need to know who is boarding an airplane? All we need to ensure is that nobody brings a bomb on board, a problem that can be tackled with technological means that do not require identification (e.g., sniffers, better x-rays, etc.). Schneier is right in that security v. privacy is a false dichotomy. Security and privacy don’t necessarily clash, in fact, they don’t even clash very often. It is only one particular means of promoting the end of security, ID-based security, that is in direct opposition with privacy. And more often than not, ID-based security doesn’t even work very well. Why then is ID-based security so popular? Why is it pursued virtually to the exclusion of other means? In my view, there are two primary reasons:
- Companies have an incentive to support ID-based security measures, because they generate marketing data. Identification-based security generates personalized data, lots and lots of personalized data, revealing consumer preferences: for airlines, doctors, lawyers (think ID collection in the lobby of every major building), hotels, bars, liquor purchases, etc. That data, while pretty much useless for security purposes, has significant commercial value. So private corporations are likely to support mandatory ID-based security measures. Put yourself in the shoes of a landlord of a New York city office building. Why not sell the highly individualized visitor information that your “security” collected to a professional services marketing firm? If there’s a buck to be made, it will be made. And since the data collection “for security purposes” is mandatory, the risk of negative PR is limited.
- Law enforcement has an incentive to support ID-based security, because it helps them catch criminals. A significant part of police work is investigative in nature, and investigative work depends on identification. (After all, we want to be sure that the right person is apprehended and tried. In this context, reliable identification protects the innocent.) Even though ID-based security is rather useless in achieving its primary purpose, police investigations will certainly be aided by the personalized data it generates. So even we can expect support from the law enforcement community for ID-based security measures.
The alignment of commercial and law-enforcement interests translates directly into broad, bipartisan political support, which explains how an otherwise inferior technological paradigm managed to become the default.
It seems that the only way to promote both security and privacy is for the government to create a market in privacy-neutral security measures, for example by making secondary use of data collected for security purposes dependent on the express consent of the affected individuals. Use restrictions would still permit the collection of data for security purposes, but any ID-based security system would have to compete with other approaches on the merits, that is, with respect to whether it effectively enhances security. Presently, we don’t choose security systems on the basis of whether they enhance security. To a large extent, we choose security technologies on the basis of whether they have the potential to generate commercially useful information. That is not a desirable state of affairs, neither from a privacy nor from a security standpoint.
Technorati Tags: privacy, security, identification, schneier, no-fly
License
This work is published under a Creative Commons Attribution-Noncommercial 2.5 License.
2 Responses to “Privacy and Security: A False Dichotomy”
Leave a Reply
Search
Categories
- Admin (10)
- Carpe Diem (1)
- Constructivism (4)
- Culture (38)
- Flusser (1)
- Hobbes (4)
- Jurisprudence (71)
- Kant (6)
- Law and Economics (16)
- Law and Society (91)
- Philosophy (53)
- Privacy (7)
- System Theory (6)
- Theories of Punishment (18)
- Uncategorized (17)
Posts by author
Hosted by SiteGround
I don’t think we can ignore popular support for ID-based security measures as a political force behind their adoption.
There may be some sort of cognitive bias (at least for people untrained in, say, rudimentary economic analysis) that attributes greater perceived efficacy to ID-based security measures. More “passive” measures, such as stronger doors and more locks, while potentially more cost-effective than wasteful and privacy-eroding ID-based measures, can ring ineffectual. [”Hey, why are we just sitting around twiddling our thumbs, waiting for an attack? There are bad guys out there, and we need to go get them!”] Within such a view, systemic domestic harm from “getting them” - whether economic, legal, or cultural - is largely invisible. However, such a conception of “the mission” promotes illusions of simplicity, boundedness, and therefore feasibility, which in turn may induce a greater perception of security - which generates a kind of political ‘market demand’ for ID-based measures. Each person’s individual judgment about the likely efficacy of any program, including security measures, is based on that person’s mental schemas of the entities involved and their likely behavior and interaction. The more terrain ignored, and the simpler our mental sketches of the entities, the quicker, more resolute, and perhaps more fallible are our judgments about the effects of our actions “in the real world.”
There’s a similar strain of the person-centric fallacy in one of the Iraq war’s more recent public rationales: “We’re fighting the terrorists over there so we don’t have to find them over here.” In this case, the fallacy of person-centrism is that it ignores the inflammatory potential of our fight “over there” by misunderstanding terrorism as the agenda of a discrete, static population of individuals, and believing that our efforts at war-fighting can neatly pare these “bad apples” from the rest of the population. Of course, there is a reservoir of disgruntled individuals who can be tipped to the terrorist cause by our actions, an effect that could prolong the struggle indefinitely. The illusion of “going to get them over there” is that of a bounded mission: There are a certain number of bad guys over there, and once we get them, the fight will be over. It’s a blinkered view that ignores large swaths of reality, including important externalities. It’s a view based on mental schemas of the events and actors involved and the predictions that emerge from their interaction within human imaginations. And it is a disastrously simplistic and misguided story.
Many staunch supporters of the person-centric approach to security are obsessed with the idea that there are essentially bad people, that is people whose very nature it is to be evil. For those essentialists, the real battle is not to prevent certain acts of terror but to identify and incapacitate terrorists. Preventing bad acts from occurring should be at the heart of every rational anti-terrorism policy. Chasing bad people is mostly a waste of time, for one because we simply don’t have a model that reliably ties manifestations of essential badness (whatever that might be) to the future commission of bad acts. We don’t even have such a model for ordinary run of the mill crimes! How can we expect to have one for acts of terror? But, of course, chasing evil people plays well with a superstitious, frightened audience.