Privacy and security: A Schrödinger’s Cat dilemma

3

The recent attack in Paris by Daesh terrorists has raised the debate over privacy versus the surveillance state to a fever pitch. Supporters of surveillance in the name of national security are using the event to attack Edward Snowden and intensify efforts to undermine encryption to ensure intelligence agencies can access and view all communications. Privacy advocates—as you would expect—are opposed and insist that it is not an equitable trade to give up our individual privacy for modest or incremental improvements in security. The debate is tough because depending on how you choose to view it both sides are correct.

Benjamin Franklin once stated, “Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety.”

The phrase is a popular contextomy—commonly excerpted and quoted out of context to imply or support views that have nothing to do with what Franklin was actually talking about. Regardless of its origin, though, Franklin’s quote is now widely used and accepted in the debate over individual liberty versus national security.

Let’s consider it in that context. If you knew for a fact that allowing intelligence agencies unfettered access to all communications would have prevented the attack in Paris or the 9/11 attack in the United States, would you agree to it? Or—as the misquoted words of Franklin suggest—do you ardently protect your privacy even if it means sacrificing security and accept that there will be successful attacks that intelligence agencies can’t thwart?

Surveillance State

Many aspects of our lives are tracked and monitored whether we like it or not. Unless you’re Amish or living on a hippie commune in the country there is almost no possible way to be completely off the grid. Even in those cases it might be challenging. There are traffic cameras at intersections and security cameras at almost every retail establishment. Online behavior can be monitored and purchases and transactions can be tracked. And that’s all just benign general surveillance.

Regardless of what Franklin meant when viewing the quote in context, his statement is more than a quarter millennium old. There is no way for Benjamin Franklin, the Founding Fathers of the United States, or anyone else from the mid-1700’s to anticipate the technologies we have today or the threats we face. The definitions of liberty and security have changed some.

Gathering enemy intelligence isn’t new. Franklin himself was a master of propaganda and covert operations. The CIA website describes some of Franklin’s activities: “In the field of paramilitary operations, Franklin coordinated the efforts of dozens of privateers operating out of French and other European ports against British shipping. He convinced the French Government to ignore its neutrality obligations regarding these activities, and he negotiated a secret arrangement permitting the privateers to sell their captured British ships and cargo to French merchants.”

It seems fair to say that if the Founding Fathers had access to tools that would allow them to intercept any and all communications between enemy forces and gain a strategic advantage they would have taken advantage of them.

Privacy and Liberty

The flipside is that it’s virtually impossible to segregate surveillance effectively and/or guarantee that surveillance in the interests of national security won’t infringe on your personal privacy as well. If everything you do, post, say, or buy is being monitored in real-time then we have all-but surrendered to some sort of Orwellian 1984 world. What begins in the name of national security could quickly evolve to become something more like Minority Report—with law enforcement monitoring and policing virtually everything you do.

Privacy was considered sacrosanct enough that it was written into the United States Constitution in the 4th Amendment. It states:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

In other words, the Constitution spells out very clearly that law enforcement agencies and the government cannot simply violate your privacy and monitor everything you do without probable cause and a proper warrant. The privacy has been eroded substantially, however, since the attack on 9/11. Under the Bush administration, the NSA engaged in broad warrantless wiretapping—ostensibly in the name of national security.

Misguided Debate

Alexander Howard wrote an article titled “After Paris, What We’re Getting Wrong In ‘Privacy vs. Security’ Debate,” in which he poses the question: “Does that really mean we’re going to ban encrypted services or weaken them, exposing billions of consumers to increased risk? Do our elected officials believe that passing laws in Congress or weakening the security of U.S. technology company software or hardware will somehow force the people willing to murder innocents in cold blood to use those tools instead of other products and services?”

As Howard points out, proponents of surveillance are really just being opportunistic and trying to build support for their cause by capitalizing on the events in Paris. The issue of privacy versus security isn’t new, and the debate over encryption predates the revelations from Edward Snowden.

Criminals and terrorists aren’t always the smartest people, but they generally understand that what they’re doing is illegal and that any related communications need to be done surreptitiously. Daesh in particular seems more tech savvy than most other criminal and terrorist organizations in recent decades, so it’s fair to assume the group knows how to use encryption and how to avoid detection online regardless of whether politicians and intelligence organizations get their way and build backdoors into encryption tools. They can just develop their own encryption tools and algorithms that don’t conform to the backdoor rules.

Double-edged Sword

The debate over privacy versus security is a little bit like the Schrödinger’s Cat paradox. Setting aside the broader intention of illustrating the Copenhagen interpretation of quantum mechanics, the paradox—simply put—is that there is a cat in an enclosed box and opening the box would kill the cat. There is no way to know if the cat in the box is dead or alive because the only way to check would be to open the box—thereby killing the cat.

Privacy is the cat, and surveillance is the box. Would unfettered surveillance make us more secure? Could ubiquitous surveillance by intelligence agencies prevent all attacks, or would it just offer modest improvements over existing intelligence methods? There is no way to prove it without opening the surveillance “box” and “killing” privacy. No matter what the result of such an experiment might be, putting privacy back in the box and bringing it back to life might not be possible.

Privacy and security are just two sides of a double-edged sword. Each plays an important, but conflicting role in our lives. It’s simpler to view it as an idealistic, black and white issue. You’re either for privacy in all circumstances regardless of the consequences, or you’re in favor of security in all circumstances even if it means being under constant surveillance.

Those extreme positions aren’t really tenable in the modern era, though. The challenge we face as a society is to determine if we’re willing to start down the slippery slope of trying to strike a balance, and how do we effectively determine and manage that balance without simply abandoning the idea of privacy completely?

Share.

About Author

Tony Bradley is Editor-in-Chief of TechSpective and Community Manager for Tenable Network Security. Tony has a passion for technology and gadgets--with a focus on Microsoft and security. He also loves spending time with his family and likes to think he enjoys reading and golf even though he never finds the time for either.