Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Privacy & Security Are Not a Zero-Sum Game

Posted by kdawson on from the insert-ben-franklin-quote-here dept.

I Don't Believe in Imaginary Property writes "Ars Technica has up a nice article on why security consultant Ed Giorgio's statement that 'privacy and security are a zero-sum game' is wrong. The author reasons that, due to Metcalfe's law, the more valuable a government network is to the good guys, the more valuable it is to the bad guys. Given the trend in government to gather all of its eggs into one database, unless more attention is paid to privacy, we'll end up with neither security nor privacy. In other words, privacy and security are a positive-sum game with precarious trade-offs — you can trade a lot of privacy away for absolutely no gain in security, but you don't have to."

17 of 131 comments (clear)

  1. Yes, well ... by ScrewMaster · · Score: 5, Insightful

    he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

    --
    The higher the technology, the sharper that two-edged sword.
    1. Re:Yes, well ... by Kazoo+the+Clown · · Score: 5, Insightful

      he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

      You're right about that-- but they also don't much care about our security, for the same reasons. As long as some "bread and circuses" rewards them political brownie points, they can pass legislation "designed to increase security" that actually decreases it, and they can still come out ahead while the rest of us lose...

      If you want either security or privacy, the absolute last place to look for it is the Federal Government-- they're much of the problem, not the solution.

    2. Re:Yes, well ... by slarrg · · Score: 5, Insightful

      To prove your point, let's propose to make congress the most secure place on earth by taking all of their privacy away. If removing privacy makes them secure they should do it, however, if removing their privacy makes them less powerful....

    3. Re:Yes, well ... by Anonymous Coward · · Score: 5, Insightful

      All Americans suck because they'd gladly trade their privacy (without even knowing it) for the mere perception of security (without even verifying that the trade went through).

      Sufficiently general?

    4. Re:Yes, well ... by Miseph · · Score: 2, Insightful

      Don't be silly, power and profit are the exact same motive. People/corporations/governments seek more power as a means of acquiring more profit and more profit as a means of acquiring more power.

      The system is broken and nobody in the mainstream (not even that racist lunatic Dr. Paul) has any interest in actually fixing it. One side wants to speed the whole thing and squeeze as much as they can out of it before the whole thing explodes and the other wants to try and throw on a fresh coat paint and hope it keeps going just a little bit longer, neither side wants to address the fact that when it breaks it is entirely possible that life as we know it will cease.

      --
      Try not to take me more seriously than I take myself.
    5. Re:Yes, well ... by h4rm0ny · · Score: 4, Insightful


      You're modded funny, but it would make us more secure. Imagine people knowing everything that was discussed and brokered in the Government, listening to all the meetings with lobbyists. These people represent you, why shouldn't you know what they're doing?

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
    6. Re:Yes, well ... by KDR_11k · · Score: 2, Insightful

      Don't be silly, power and profit are the exact same motive.

      I'd rephrase that to "power and profit are closely connected". Paul doesn't have any intent on changing that, AFAIK the libertarian idea is to make money = power by introducing the "vote with your wallet" idea to any sort of question which of course distributes voting power equal to income and strengthens the connection. No idea why people support it when it's pretty damn sure they're not the ones getting the big power from it. I assume it's some sort of "live the American Dream or die" mentality where they're doing an all or nothing bet, if they get rich they win even greater than before, if they don't they're just fucked and hope or something prevents them from considering the second alternative as likely. However I don't think it's surprising that the idea doesn't get enough followers to be strong, there's a large number of people who are poor compared to a few who are rich and fucking the poor up to strengthen the rich isn't going to get popular with that large number without some serious propaganda that hides the idea.

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
  2. Right, in theory... by Opportunist · · Score: 4, Insightful

    But... that's not the point now.

    The current system of more and more data collecting isn't for more security. That's just how it's sold. It is, bluntly, control. Over your data and you. It is easier to pinpoint and neutralize "troublemakers" before they start gaining a lot of support.

    So I guess this very interesting point will go unheard. The ones that implement the system don't care (actually, they want it to be that way), the masses don't know (or think that zero-sum game is some sort of game show) and the little rest doesn't matter (and should they start to get too vocal, we'll invent a law against them).

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Right, in theory... by unlametheweak · · Score: 3, Insightful

      Yes it is control, but people fail to realize the psychological aspects of privacy, that is from the perspective of the spy.

      Having the ability to know everything about both their friends and their foes gives them a feeling of control, however transient and imaginary that may be. It is the act of trying to control their own psychological insecurity.

      It's like a patriarch snooping through their child's belongings, or reading their diary, it gives them a sense of power. In the end it doesn't matter why they do it; they have a compulsion to do it. It is not surprising that leaders in government and industry would do this because the same psychological motivations that drove them to positions of power are the same motivations that drive them to gain control in other areas. Much like Ford or Disney wanted to have total control of their employees; the same types of people in power today have the same psychological needs. Only laws and enforcement of laws that aim at mitigating these behaviors can help stifle the worst abuses. The real problem is trying to convince these people to give up some of this power once they have it. It's not an easy task. Nobody wants to give up (power).

  3. Darwin's law of terrorism... by gillbates · · Score: 5, Insightful

    Terrorists who get caught don't continue to plan attacks...

    The fundamental problem with the privacy-vs-security argument is that it is a false dichotomy:

    1. When someone says, "I have no problem with the government listening in on my conversations or reading my emails," I ask, "Are you a terrorist?". Inevitably, they reply in the negative. Which leads me to ask, "How then, does the government reading your emails make anyone more secure?" Often, this results in an awkward silence, and then they begin to get it.
    2. Sometimes, they'll quip, "Well, how do they know who the terrorists are if they don't read all of the emails..." To which I reply, "If a terrorist is so dumb so as to discuss their plans over the phone or email, how much damage could they do?" I'll remind them of Richard Reid, who was so dumb he didn't know plastic explosives couldn't be detonated with matches.

    The fundamental problem with eavesdropping is that it assumes that the bad guys are willing to divulge key operational details over an insecure channel. Even the dumbest of criminals knows to shut up when the cops are around. So who do the feds expect to catch? That's right - ordinary Americans like you and me. When we become a "problem" to those in power, they'll have hours of phone calls and pages of emails, in which they will find something - no matter how innocent - which, when taken out of context, sounds nefarious. The famous quote, "Give me six sentences by even the most upright man and I will find a reason to hang him..." (or similar) comes to mind.

    Rather, I think it is helpful to expose the lies used to increase the amount of political power wielded by the executive branch.

    --
    The society for a thought-free internet welcomes you.
    1. Re:Darwin's law of terrorism... by Vellmont · · Score: 2, Insightful


      Sometimes, they'll quip, "Well, how do they know who the terrorists are if they don't read all of the emails..." To which I reply, "If a terrorist is so dumb so as to discuss their plans over the phone or email, how much damage could they do?" I'll remind them of Richard Reid, who was so dumb he didn't know plastic explosives couldn't be detonated with matches.

      This is just a poor argument. Criminals do this all the time. They might not be dumb, they just don't think anyone is listening. Why do you think wiretaps exist in the first place? They wouldn't exist if they didn't work. People are people, be they criminals or terrorists.

      That's not to say I approve of the "wide net" approach the Bush Administration has advocated. Far from it. My enormous problem with the approach is that it's warrantless. We need oversite of the goverment by other parts of the government. No oversite leads to abuse of power. Our founding fathers understood this very well, and that's why they setup our system as adversarial. I think your first question falls under this argument well, but your latter question falls apart.

      --
      AccountKiller
  4. Well, yes, but... by caitsith01 · · Score: 4, Insightful

    ...they justify it and gain popular support/acquiescence using supposedly rational arguments, so it is a worthwhile expenditure of effort to criticise and dismantle those arguments.

    So if some security expert idiot is wandering around convincing people that security "versus" privacy is a "zero sum game", then one effective counter-tactic is to explain how that is incorrect.

    You are not reasoning with "them" as in, "the Federal Government". You are reasoning with "them" as in, "your fellow citizens, whose approval or at least inaction is needed to allow these things to happen."

    --
    Read Pynchon.
  5. That comment was elegant propaganda. by fuzzyfuzzyfungus · · Score: 4, Insightful

    As an actual assessment of security policy "Privacy and Security are a zero-sum game" is pretty much worthless. There are obvious empirical counterarguments viz. prisons, military bases and ships, and OpenBSD. The statement manages to be both too optimistic and too pessimistic all at once. It ignores the fact that many policies end up achieving a net gain of less than zero(letting the TSA bother passengers and not even glance at cargo, for instance), even if we value security and privacy equally. It also ignores the fact that there a fair number of possible policies that achieve a positive net gain.

    As a propaganda slogan, though, it is a masterstroke. It manages to imply, while sounding like good, solid, hardheaded, professional advice, that reductions in privacy automatically provide security, that defenders of privacy are enemies of security, and that proposals for plans that protect privacy and security are a bunch of unrealistic pie-in-the-sky crap.

    It also manages to completely ignore a facet of security that the American public has been absolutely terrible at(and politicians and the media have been all too willing to help them continue to be so): Risk assessment. We suck at it. We also have a strong bias in favor of flashy interventions and against boring ones. We often end up with interventions strongly modified by various political interests and of sharply reduced effectiveness. "Privacy and Security are a zero-sum game" makes it sound like we actually have it pulled together, that the professionals are on the case; when we hardly know what game we are actually playing.

  6. your comment was elegant Bulls*** by globaljustin · · Score: 2, Insightful

    There are obvious empirical counterarguments viz. prisons, military bases and ships


    Prisons can be so secure that they hamper the ability of a prisoner to be rehabilitated...or worse, make the prisoner more unstable and at-risk for criminal behavior. Look at what's neatly called administrative segregation. It used to be known as solitary confinement, but now all types of people are put in ad-seg...people who are targets of gangs (who have done nothing wrong) for example. Some countries consider solitary confinement torture.

    At any rate, solitary confinement is and for a person who is wrongfully put there, push them further down the spiral of anti-authoritarianism and harmful behavior. Each case greatly increases their likelihood of committing crimes when put back in general population or released.

    The point is, even for a PRISON, you cannot say that security is always non-zero-sum. The converse is true, ALL security/civil rights issues are a zero sum game. The sooner we as a people realize that NO environment can be make truly secure, the sooner we can actually trying to start solving some of our worst problems.
    --
    Thank you Dave Raggett
  7. "Security" is a greater threat than terrorism by radtea · · Score: 3, Insightful

    Number of people who have been killed in the United States in the past five years by terrorism: zero.

    Number of people who have been killed by the over-zealous organs of the state in the name of "security": greater than zero.

    Ergo, increased "security" is killing people and stripping them of their privacy. So as a matter of empirical fact the things people are calling "security" are negative, and the loss of privacy is negative, so it is a lose-lose situation for ordinary law-abiding Americans. They would be SAFER with less "security", as well as having more privacy. And more of something else, too.

    --
    Blasphemy is a human right. Blasphemophobia kills.
  8. sum(security+privacy)=rand() by jd · · Score: 2, Insightful

    There is simply no correlation between the two. There is no function or relationship that can map one onto the other, in either direction. There aren't enough parameters. It might be possible to define a function f() with the parameters of security, privacy, base cost, cost per incident, ease of implementation, time of implementation, ease of use, and latency, such that the function (which will not be linear) produces a constant. I don't guarantee it, though. Individuals are too variable, between each other and even between moments for the same individual, and an 8 dimensional non-linear topology is too simple to capture that. Even the sci-fi notion of psychohistory didn't work on individuals, but security and privacy is all about interactions between individuals.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  9. Re:Who do you trust? by QCompson · · Score: 2, Insightful

    Quakers are against all war and violence. There hasn't been any answers as to what "threat" they presented. They seem suspiciously peaceful.