Why Privacy & Security Are Not a Zero-Sum Game

I Don't Believe in Imaginary Property writes "Ars Technica has up a nice article on why security consultant Ed Giorgio's statement that 'privacy and security are a zero-sum game' is wrong. The author reasons that, due to Metcalfe's law, the more valuable a government network is to the good guys, the more valuable it is to the bad guys. Given the trend in government to gather all of its eggs into one database, unless more attention is paid to privacy, we'll end up with neither security nor privacy. In other words, privacy and security are a positive-sum game with precarious trade-offs — you can trade a lot of privacy away for absolutely no gain in security, but you don't have to."

Yes, well ...

[ScrewMaster]

he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

Re:Yes, well ...

[Kazoo+the+Clown]

he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

You're right about that-- but they also don't much care about our security, for the same reasons. As long as some "bread and circuses" rewards them political brownie points, they can pass legislation "designed to increase security" that actually decreases it, and they can still come out ahead while the rest of us lose...

If you want either security or privacy, the absolute last place to look for it is the Federal Government-- they're much of the problem, not the solution.

Re:Yes, well ...

[slarrg]

To prove your point, let's propose to make congress the most secure place on earth by taking all of their privacy away. If removing privacy makes them secure they should do it, however, if removing their privacy makes them less powerful....

Re:Yes, well ...

All Americans suck because they'd gladly trade their privacy (without even knowing it) for the mere perception of security (without even verifying that the trade went through).

Sufficiently general?

Re:Yes, well ...

[ScrewMaster]

Sure ... now we wait and see if you get that +5 Insightful.

Re:Yes, well ...

[Miseph]

Don't be silly, power and profit are the exact same motive. People/corporations/governments seek more power as a means of acquiring more profit and more profit as a means of acquiring more power.

The system is broken and nobody in the mainstream (not even that racist lunatic Dr. Paul) has any interest in actually fixing it. One side wants to speed the whole thing and squeeze as much as they can out of it before the whole thing explodes and the other wants to try and throw on a fresh coat paint and hope it keeps going just a little bit longer, neither side wants to address the fact that when it breaks it is entirely possible that life as we know it will cease.

Re:Yes, well ...

[h4rm0ny]

You're modded funny, but it would make us more secure. Imagine people knowing everything that was discussed and brokered in the Government, listening to all the meetings with lobbyists. These people represent you, why shouldn't you know what they're doing?

Re:Yes, well ...

[KDR_11k]

Don't be silly, power and profit are the exact same motive.

I'd rephrase that to "power and profit are closely connected". Paul doesn't have any intent on changing that, AFAIK the libertarian idea is to make money = power by introducing the "vote with your wallet" idea to any sort of question which of course distributes voting power equal to income and strengthens the connection. No idea why people support it when it's pretty damn sure they're not the ones getting the big power from it. I assume it's some sort of "live the American Dream or die" mentality where they're doing an all or nothing bet, if they get rich they win even greater than before, if they don't they're just fucked and hope or something prevents them from considering the second alternative as likely. However I don't think it's surprising that the idea doesn't get enough followers to be strong, there's a large number of people who are poor compared to a few who are rich and fucking the poor up to strengthen the rich isn't going to get popular with that large number without some serious propaganda that hides the idea.

Re:Yes, well ...

[alexgieg]

. . . power and profit are the exact same motive. People/corporations/governments seek more power as a means of acquiring more profit and more profit as a means of acquiring more power.

This isn't quite accurate. The desire to be rich and "powerful" in the economic sense isn't the same as the desire to be powerful in the proper, political-military sense.

To be more precise, you need tough, ruthless, "comfort is for sissies" guys to tame and mostly pacify a society as a necessary, although not sufficient, condition for the soft, efficiency-minded, "me wants monies and beautiful shiny things" to start being viable. That's because it doesn't matter how much money you have, a bullet, or a sword, a knife, two strong hands at your throat... are still pretty efficient at finishing you. And those soft enough to be good at managing money, not weapons, can only do so when the risk of being killed is low. On the other hand, the tough ones don't need to be nice in any way to the soft as a means of acquiring what they want, just think "taxes".

So, no matter how mixed things seem to look like, the relationship between business and government is always one of complete and total submission. Violence (and the monopoly on violence) alway, by definition, controls wealth. The rich know this very well, and that's why they resort so much to bribing as a way to appease the actually powerful: because their only hope of continuing to be rich (and comfortable, and feeling important without actually doing what true power requires) is by making themselves, as they currently are, desirable to the powerful. Remove this factor and the powerful have no reason anymore to not just take what they want and be done with it.

Re:Happiness

I concur. It is based on the Law of Conservation of Happiness. If you punch somebody in the nose, you transfer their lost happiness to yourself. It is a universal law of nature. Our government, education, and financial systems know that and use it the extreme. While you may think that being anally probed by airport security sucks, the airport workers love it as do the Members of Congress who use it to get reelected.

Right, in theory...

[Opportunist]

But... that's not the point now.

The current system of more and more data collecting isn't for more security. That's just how it's sold. It is, bluntly, control. Over your data and you. It is easier to pinpoint and neutralize "troublemakers" before they start gaining a lot of support.

So I guess this very interesting point will go unheard. The ones that implement the system don't care (actually, they want it to be that way), the masses don't know (or think that zero-sum game is some sort of game show) and the little rest doesn't matter (and should they start to get too vocal, we'll invent a law against them).

Re:Right, in theory...

[rtb61]

Security and privacy have always been a struggle of the common man over autocrats. That is the history of democracy, the struggle of slaves, serfs and servants to gain control over their own lives, whilst the autocrats attempted to force servitude out of them. In order to maintain that servitude those slaves, serfs and servants had to be carefully watched and monitored , as the are inherently lazy, they are of low morals, they would steal bread off their masters table, they would dare to work together to ferment rebellion against their righteous masters rule and seek obscene things like freedom for themselves and democracy for all.

Privacy and the security of that privacy preserves the ability to share ideas with others, to discuss problems and possible solutions, so that when those individuals feel secure they can broach those ideas with the public for further discussion and not be targeted for repression before they achieve a measure of security that a caring and involved public provides. Privacy also provides an opportunity for individuals to anonymously inform the public when they do feel insecure and know there would be severe ramifications for informing the public of the truth.

Those corporations that would steal an individuals privacy and sell it for a profit are contemptible. Probing into a persons likes and dislikes, their personal preferences, analysing their personality, doing psychological break downs and associations, establishing extended family and friend associations and connections, establishing a full extended profile of a person as they mature from child hood to becoming an adult. All so they can be more effectively manipulated into liking what they are told to like, into believing what they are told to believe, and of course in hating who they are told to hate. They and their supporters are the greatest threat to freedom and democracy, as has been demonstrated by their for profit activities in autocratic countries, censoring and monitoring all freedom motivated democratic activities. I wonder for example how google audits the success of it's censorship and monitoring activities, does it count the cost dollars spent per successful prosecution of a democratically minded individual so that it can demonstrate the value of it's activities and software to autocratic governments.

Re:Right, in theory...

[unlametheweak]

Yes it is control, but people fail to realize the psychological aspects of privacy, that is from the perspective of the spy.

Having the ability to know everything about both their friends and their foes gives them a feeling of control, however transient and imaginary that may be. It is the act of trying to control their own psychological insecurity.

It's like a patriarch snooping through their child's belongings, or reading their diary, it gives them a sense of power. In the end it doesn't matter why they do it; they have a compulsion to do it. It is not surprising that leaders in government and industry would do this because the same psychological motivations that drove them to positions of power are the same motivations that drive them to gain control in other areas. Much like Ford or Disney wanted to have total control of their employees; the same types of people in power today have the same psychological needs. Only laws and enforcement of laws that aim at mitigating these behaviors can help stifle the worst abuses. The real problem is trying to convince these people to give up some of this power once they have it. It's not an easy task. Nobody wants to give up (power).

Darwin's law of terrorism...

[gillbates]

Terrorists who get caught don't continue to plan attacks...

The fundamental problem with the privacy-vs-security argument is that it is a false dichotomy:

1. When someone says, "I have no problem with the government listening in on my conversations or reading my emails," I ask, "Are you a terrorist?". Inevitably, they reply in the negative. Which leads me to ask, "How then, does the government reading your emails make anyone more secure?" Often, this results in an awkward silence, and then they begin to get it.
2. Sometimes, they'll quip, "Well, how do they know who the terrorists are if they don't read all of the emails..." To which I reply, "If a terrorist is so dumb so as to discuss their plans over the phone or email, how much damage could they do?" I'll remind them of Richard Reid, who was so dumb he didn't know plastic explosives couldn't be detonated with matches.

The fundamental problem with eavesdropping is that it assumes that the bad guys are willing to divulge key operational details over an insecure channel. Even the dumbest of criminals knows to shut up when the cops are around. So who do the feds expect to catch? That's right - ordinary Americans like you and me. When we become a "problem" to those in power, they'll have hours of phone calls and pages of emails, in which they will find something - no matter how innocent - which, when taken out of context, sounds nefarious. The famous quote, "Give me six sentences by even the most upright man and I will find a reason to hang him..." (or similar) comes to mind.

Rather, I think it is helpful to expose the lies used to increase the amount of political power wielded by the executive branch.

Re:Darwin's law of terrorism...

[Vellmont]

Sometimes, they'll quip, "Well, how do they know who the terrorists are if they don't read all of the emails..." To which I reply, "If a terrorist is so dumb so as to discuss their plans over the phone or email, how much damage could they do?" I'll remind them of Richard Reid, who was so dumb he didn't know plastic explosives couldn't be detonated with matches.

This is just a poor argument. Criminals do this all the time. They might not be dumb, they just don't think anyone is listening. Why do you think wiretaps exist in the first place? They wouldn't exist if they didn't work. People are people, be they criminals or terrorists.

That's not to say I approve of the "wide net" approach the Bush Administration has advocated. Far from it. My enormous problem with the approach is that it's warrantless. We need oversite of the goverment by other parts of the government. No oversite leads to abuse of power. Our founding fathers understood this very well, and that's why they setup our system as adversarial. I think your first question falls under this argument well, but your latter question falls apart.

Re:Darwin's law of terrorism...

[gillbates]

The government is _not_ out to get you if you aren't breaking any laws.

Actually, this is not true - the search and seizure laws passed as part of the War on Drugs allowed law enforcement to seize money and property from suspects without ever charging them with a crime. Having myself been deprived of property by the police in just such a situation, I would be inclined to disagree with you. You seem to believe that the power wielded by the FBI has no implications for corrupt individuals. I would argue that such power is specifically sought by corrupt individuals, and the web is full of supporting evidence. Research McCarthyism sometime. Or the civil rights struggle of the sixties.

Or even the story of Randy Weaver, whose wife and infant were shot and killed by an FBI sniper. (And this because the Justice Department moved up his trial date without informing him. When he missed it, they issued a warrant for his arrest. And in spite of the fact that the sniper killed an innocent bystander, the sniper was given an award by the FBI. Think about that for a moment: our government issued an award to someone who killed an innocent woman and her infant child. And was later forced to pay a settlement - of taxpayer money, mind you - to her husband and children.)

And let's not forget that Egyptian student that from which the FBI wrested a confession under duress. A confession that was later shown to be false. And no, the FBI did not compensate him for his lost time.

But that's not the biggest problem, though. Certain laws are just plain immoral, and one cannot follow them without doing something wrong. For example, for many years in the US, racial discrimination was enshrined in law. In my state, Catholic pharmacists cannot legally practice their religion - they are forced to dispense birth control, even abortifacients, or face legal penalties. In the US, you are required to pay taxes on loan interest, even if you didn't collect any interest at all (because doing so would violate Mosaic law).

So, if you are an advocate for any type of social change, you can be considered a disturber of the peace, and prosecuted for just about anything. The idea is not that they believe you are actually guilty, but rather, by using the government's seemingly unlimited resources against an individual, they can deny the individual the ability to effectively function as an activist. The problem with email scanning, as I see it, is that just about anyone's words can be taken out of context to mean something nefarious. Which means that - even though you, if innocent, and able to afford a lawyer - will eventually be exonerated, the process will drain you financially and take away years from your life. Sure, its better than prison, but the act of being charged in the first place is a de facto fine.

Oh, it's much worse than that

[Rogerborg]

It doesn't even take malicious access. In the UK, some low level government peon recently snail-mailed the financial details of 25 million people on discs that went missing. Since that broke, a slew of other government agencies, from health through to defence have dumped "me too" admissions into the shitstorm.

The government's response? They'll put "new procedures" in place to ensure that it can't blah blah again blah fight them on the beaches blah.

They're still pressing ahead with the National Database, misnamed as a National ID card (the equivelant of the USian Real ID). It's Total Information Awareness with a fluffier spin on it, but exactly the same goals: to know everything, about everyone, all the time, and Goddamn the consequences when (not if) the black hats get their greasy fingers on it.

Well, yes, but...

[caitsith01]

...they justify it and gain popular support/acquiescence using supposedly rational arguments, so it is a worthwhile expenditure of effort to criticise and dismantle those arguments.

So if some security expert idiot is wandering around convincing people that security "versus" privacy is a "zero sum game", then one effective counter-tactic is to explain how that is incorrect.

You are not reasoning with "them" as in, "the Federal Government". You are reasoning with "them" as in, "your fellow citizens, whose approval or at least inaction is needed to allow these things to happen."

That comment was elegant propaganda.

[fuzzyfuzzyfungus]

As an actual assessment of security policy "Privacy and Security are a zero-sum game" is pretty much worthless. There are obvious empirical counterarguments viz. prisons, military bases and ships, and OpenBSD. The statement manages to be both too optimistic and too pessimistic all at once. It ignores the fact that many policies end up achieving a net gain of less than zero(letting the TSA bother passengers and not even glance at cargo, for instance), even if we value security and privacy equally. It also ignores the fact that there a fair number of possible policies that achieve a positive net gain.

As a propaganda slogan, though, it is a masterstroke. It manages to imply, while sounding like good, solid, hardheaded, professional advice, that reductions in privacy automatically provide security, that defenders of privacy are enemies of security, and that proposals for plans that protect privacy and security are a bunch of unrealistic pie-in-the-sky crap.

It also manages to completely ignore a facet of security that the American public has been absolutely terrible at(and politicians and the media have been all too willing to help them continue to be so): Risk assessment. We suck at it. We also have a strong bias in favor of flashy interventions and against boring ones. We often end up with interventions strongly modified by various political interests and of sharply reduced effectiveness. "Privacy and Security are a zero-sum game" makes it sound like we actually have it pulled together, that the professionals are on the case; when we hardly know what game we are actually playing.

your comment was elegant Bulls***

[globaljustin]

There are obvious empirical counterarguments viz. prisons, military bases and ships

Prisons can be so secure that they hamper the ability of a prisoner to be rehabilitated...or worse, make the prisoner more unstable and at-risk for criminal behavior. Look at what's neatly called administrative segregation. It used to be known as solitary confinement, but now all types of people are put in ad-seg...people who are targets of gangs (who have done nothing wrong) for example. Some countries consider solitary confinement torture.

At any rate, solitary confinement is and for a person who is wrongfully put there, push them further down the spiral of anti-authoritarianism and harmful behavior. Each case greatly increases their likelihood of committing crimes when put back in general population or released.

The point is, even for a PRISON, you cannot say that security is always non-zero-sum. The converse is true, ALL security/civil rights issues are a zero sum game. The sooner we as a people realize that NO environment can be make truly secure, the sooner we can actually trying to start solving some of our worst problems.

"Security" is a greater threat than terrorism

[radtea]

Number of people who have been killed in the United States in the past five years by terrorism: zero.

Number of people who have been killed by the over-zealous organs of the state in the name of "security": greater than zero.

Ergo, increased "security" is killing people and stripping them of their privacy. So as a matter of empirical fact the things people are calling "security" are negative, and the loss of privacy is negative, so it is a lose-lose situation for ordinary law-abiding Americans. They would be SAFER with less "security", as well as having more privacy. And more of something else, too.

sum(security+privacy)=rand()

[jd]

There is simply no correlation between the two. There is no function or relationship that can map one onto the other, in either direction. There aren't enough parameters. It might be possible to define a function f() with the parameters of security, privacy, base cost, cost per incident, ease of implementation, time of implementation, ease of use, and latency, such that the function (which will not be linear) produces a constant. I don't guarantee it, though. Individuals are too variable, between each other and even between moments for the same individual, and an 8 dimensional non-linear topology is too simple to capture that. Even the sci-fi notion of psychohistory didn't work on individuals, but security and privacy is all about interactions between individuals.

His 'saying' was not an equation

[finity]

"Giorgio warned me, 'We have a saying in this business: 'Privacy and security are a zero-sum game.'"

This was not meant to be a hard and fast equation, folks. Just like, "you can lead a horse to water but you can't make it drink" isn't meant to be 100% true all the time. I can force that damn thing to drink if I want it to, I guarantee you. It won't be pretty. I'm not that mean though.

Not everyone in your government is out to get you. This guy is working with the national intelligence director, you better believe he wants to get all the intelligence he can. It's his job to go as far as he can to get the most benefit for his job. I'd agree this is definitely not the best way to get intel, and it probably won't be secured well enough when they get it. At the same time, someone really intelligent is probably telling Giorgio and McConnell the exact opposite. Really, it's the lawmakers we've (Americans, here) voted into office that are the ones to blame if this type of insanity passes. They're the ones that are supposed to make sure that the tenth amendment is upheld... "The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people."

Remember that when you vote for President, that's one man that represents 330 million people. When you vote for a senator, he/she represents only 3.3 million. When you vote for a house member, they represent 785 thousand. Get down to state and local government and the numbers drop even more significantly. Vote for a smaller government... It's too bad Ron Paul has no chance to get elected.

Re:Who do you trust?

[QCompson]

Quakers are against all war and violence. There hasn't been any answers as to what "threat" they presented. They seem suspiciously peaceful.