Slashdot Mirror

← Back to Stories (view on slashdot.org)

Why Privacy & Security Are Not a Zero-Sum Game

Posted by kdawson on from the insert-ben-franklin-quote-here dept.

I Don't Believe in Imaginary Property writes "Ars Technica has up a nice article on why security consultant Ed Giorgio's statement that 'privacy and security are a zero-sum game' is wrong. The author reasons that, due to Metcalfe's law, the more valuable a government network is to the good guys, the more valuable it is to the bad guys. Given the trend in government to gather all of its eggs into one database, unless more attention is paid to privacy, we'll end up with neither security nor privacy. In other words, privacy and security are a positive-sum game with precarious trade-offs — you can trade a lot of privacy away for absolutely no gain in security, but you don't have to."

14 of 131 comments (clear)

  1. Yes, well ... by ScrewMaster · · Score: 5, Insightful

    he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

    --
    The higher the technology, the sharper that two-edged sword.
    1. Re:Yes, well ... by Kazoo+the+Clown · · Score: 5, Insightful

      he's right ... but the thing is, the Federal Government isn't doing this to provide us with more security, they're doing it to provide themselves with more power, power over us. Consequently, they don't much care about our privacy, and there's no reasoning with them on that score.

      You're right about that-- but they also don't much care about our security, for the same reasons. As long as some "bread and circuses" rewards them political brownie points, they can pass legislation "designed to increase security" that actually decreases it, and they can still come out ahead while the rest of us lose...

      If you want either security or privacy, the absolute last place to look for it is the Federal Government-- they're much of the problem, not the solution.

    2. Re:Yes, well ... by slarrg · · Score: 5, Insightful

      To prove your point, let's propose to make congress the most secure place on earth by taking all of their privacy away. If removing privacy makes them secure they should do it, however, if removing their privacy makes them less powerful....

    3. Re:Yes, well ... by Anonymous Coward · · Score: 5, Insightful

      All Americans suck because they'd gladly trade their privacy (without even knowing it) for the mere perception of security (without even verifying that the trade went through).

      Sufficiently general?

    4. Re:Yes, well ... by h4rm0ny · · Score: 4, Insightful


      You're modded funny, but it would make us more secure. Imagine people knowing everything that was discussed and brokered in the Government, listening to all the meetings with lobbyists. These people represent you, why shouldn't you know what they're doing?

      --

      Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
  2. Re:Happiness by Anonymous Coward · · Score: 5, Funny

    I concur. It is based on the Law of Conservation of Happiness. If you punch somebody in the nose, you transfer their lost happiness to yourself. It is a universal law of nature. Our government, education, and financial systems know that and use it the extreme. While you may think that being anally probed by airport security sucks, the airport workers love it as do the Members of Congress who use it to get reelected.

  3. Right, in theory... by Opportunist · · Score: 4, Insightful

    But... that's not the point now.

    The current system of more and more data collecting isn't for more security. That's just how it's sold. It is, bluntly, control. Over your data and you. It is easier to pinpoint and neutralize "troublemakers" before they start gaining a lot of support.

    So I guess this very interesting point will go unheard. The ones that implement the system don't care (actually, they want it to be that way), the masses don't know (or think that zero-sum game is some sort of game show) and the little rest doesn't matter (and should they start to get too vocal, we'll invent a law against them).

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:Right, in theory... by unlametheweak · · Score: 3, Insightful

      Yes it is control, but people fail to realize the psychological aspects of privacy, that is from the perspective of the spy.

      Having the ability to know everything about both their friends and their foes gives them a feeling of control, however transient and imaginary that may be. It is the act of trying to control their own psychological insecurity.

      It's like a patriarch snooping through their child's belongings, or reading their diary, it gives them a sense of power. In the end it doesn't matter why they do it; they have a compulsion to do it. It is not surprising that leaders in government and industry would do this because the same psychological motivations that drove them to positions of power are the same motivations that drive them to gain control in other areas. Much like Ford or Disney wanted to have total control of their employees; the same types of people in power today have the same psychological needs. Only laws and enforcement of laws that aim at mitigating these behaviors can help stifle the worst abuses. The real problem is trying to convince these people to give up some of this power once they have it. It's not an easy task. Nobody wants to give up (power).

  4. Darwin's law of terrorism... by gillbates · · Score: 5, Insightful

    Terrorists who get caught don't continue to plan attacks...

    The fundamental problem with the privacy-vs-security argument is that it is a false dichotomy:

    1. When someone says, "I have no problem with the government listening in on my conversations or reading my emails," I ask, "Are you a terrorist?". Inevitably, they reply in the negative. Which leads me to ask, "How then, does the government reading your emails make anyone more secure?" Often, this results in an awkward silence, and then they begin to get it.
    2. Sometimes, they'll quip, "Well, how do they know who the terrorists are if they don't read all of the emails..." To which I reply, "If a terrorist is so dumb so as to discuss their plans over the phone or email, how much damage could they do?" I'll remind them of Richard Reid, who was so dumb he didn't know plastic explosives couldn't be detonated with matches.

    The fundamental problem with eavesdropping is that it assumes that the bad guys are willing to divulge key operational details over an insecure channel. Even the dumbest of criminals knows to shut up when the cops are around. So who do the feds expect to catch? That's right - ordinary Americans like you and me. When we become a "problem" to those in power, they'll have hours of phone calls and pages of emails, in which they will find something - no matter how innocent - which, when taken out of context, sounds nefarious. The famous quote, "Give me six sentences by even the most upright man and I will find a reason to hang him..." (or similar) comes to mind.

    Rather, I think it is helpful to expose the lies used to increase the amount of political power wielded by the executive branch.

    --
    The society for a thought-free internet welcomes you.
    1. Re:Darwin's law of terrorism... by gillbates · · Score: 4, Informative

      The government is _not_ out to get you if you aren't breaking any laws.

      Actually, this is not true - the search and seizure laws passed as part of the War on Drugs allowed law enforcement to seize money and property from suspects without ever charging them with a crime. Having myself been deprived of property by the police in just such a situation, I would be inclined to disagree with you. You seem to believe that the power wielded by the FBI has no implications for corrupt individuals. I would argue that such power is specifically sought by corrupt individuals, and the web is full of supporting evidence. Research McCarthyism sometime. Or the civil rights struggle of the sixties.

      Or even the story of Randy Weaver, whose wife and infant were shot and killed by an FBI sniper. (And this because the Justice Department moved up his trial date without informing him. When he missed it, they issued a warrant for his arrest. And in spite of the fact that the sniper killed an innocent bystander, the sniper was given an award by the FBI. Think about that for a moment: our government issued an award to someone who killed an innocent woman and her infant child. And was later forced to pay a settlement - of taxpayer money, mind you - to her husband and children.)

      And let's not forget that Egyptian student that from which the FBI wrested a confession under duress. A confession that was later shown to be false. And no, the FBI did not compensate him for his lost time.

      But that's not the biggest problem, though. Certain laws are just plain immoral, and one cannot follow them without doing something wrong. For example, for many years in the US, racial discrimination was enshrined in law. In my state, Catholic pharmacists cannot legally practice their religion - they are forced to dispense birth control, even abortifacients, or face legal penalties. In the US, you are required to pay taxes on loan interest, even if you didn't collect any interest at all (because doing so would violate Mosaic law).

      So, if you are an advocate for any type of social change, you can be considered a disturber of the peace, and prosecuted for just about anything. The idea is not that they believe you are actually guilty, but rather, by using the government's seemingly unlimited resources against an individual, they can deny the individual the ability to effectively function as an activist. The problem with email scanning, as I see it, is that just about anyone's words can be taken out of context to mean something nefarious. Which means that - even though you, if innocent, and able to afford a lawyer - will eventually be exonerated, the process will drain you financially and take away years from your life. Sure, its better than prison, but the act of being charged in the first place is a de facto fine.

      --
      The society for a thought-free internet welcomes you.
  5. Oh, it's much worse than that by Rogerborg · · Score: 5, Interesting

    It doesn't even take malicious access. In the UK, some low level government peon recently snail-mailed the financial details of 25 million people on discs that went missing. Since that broke, a slew of other government agencies, from health through to defence have dumped "me too" admissions into the shitstorm.

    The government's response? They'll put "new procedures" in place to ensure that it can't blah blah again blah fight them on the beaches blah.

    They're still pressing ahead with the National Database, misnamed as a National ID card (the equivelant of the USian Real ID). It's Total Information Awareness with a fluffier spin on it, but exactly the same goals: to know everything, about everyone, all the time, and Goddamn the consequences when (not if) the black hats get their greasy fingers on it.

    --
    If you were blocking sigs, you wouldn't have to read this.
  6. Well, yes, but... by caitsith01 · · Score: 4, Insightful

    ...they justify it and gain popular support/acquiescence using supposedly rational arguments, so it is a worthwhile expenditure of effort to criticise and dismantle those arguments.

    So if some security expert idiot is wandering around convincing people that security "versus" privacy is a "zero sum game", then one effective counter-tactic is to explain how that is incorrect.

    You are not reasoning with "them" as in, "the Federal Government". You are reasoning with "them" as in, "your fellow citizens, whose approval or at least inaction is needed to allow these things to happen."

    --
    Read Pynchon.
  7. That comment was elegant propaganda. by fuzzyfuzzyfungus · · Score: 4, Insightful

    As an actual assessment of security policy "Privacy and Security are a zero-sum game" is pretty much worthless. There are obvious empirical counterarguments viz. prisons, military bases and ships, and OpenBSD. The statement manages to be both too optimistic and too pessimistic all at once. It ignores the fact that many policies end up achieving a net gain of less than zero(letting the TSA bother passengers and not even glance at cargo, for instance), even if we value security and privacy equally. It also ignores the fact that there a fair number of possible policies that achieve a positive net gain.

    As a propaganda slogan, though, it is a masterstroke. It manages to imply, while sounding like good, solid, hardheaded, professional advice, that reductions in privacy automatically provide security, that defenders of privacy are enemies of security, and that proposals for plans that protect privacy and security are a bunch of unrealistic pie-in-the-sky crap.

    It also manages to completely ignore a facet of security that the American public has been absolutely terrible at(and politicians and the media have been all too willing to help them continue to be so): Risk assessment. We suck at it. We also have a strong bias in favor of flashy interventions and against boring ones. We often end up with interventions strongly modified by various political interests and of sharply reduced effectiveness. "Privacy and Security are a zero-sum game" makes it sound like we actually have it pulled together, that the professionals are on the case; when we hardly know what game we are actually playing.

  8. "Security" is a greater threat than terrorism by radtea · · Score: 3, Insightful

    Number of people who have been killed in the United States in the past five years by terrorism: zero.

    Number of people who have been killed by the over-zealous organs of the state in the name of "security": greater than zero.

    Ergo, increased "security" is killing people and stripping them of their privacy. So as a matter of empirical fact the things people are calling "security" are negative, and the loss of privacy is negative, so it is a lose-lose situation for ordinary law-abiding Americans. They would be SAFER with less "security", as well as having more privacy. And more of something else, too.

    --
    Blasphemy is a human right. Blasphemophobia kills.