[iwar] [fc:Privacy.vs..Security:.A.Bogus.Debate?]

From: Fred Cohen (fc@all.net)
Date: 2002-06-06 06:13:57
Next message: Fred Cohen: "[iwar] [fc:Terrorism.Open.Source.Intelligence.Report]"
Previous message: Fred Cohen: "[iwar] [fc:Heads-Up.To.Ashcroft.Proves.Threat.Was.Known.Before.9/11]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200206061313.g56DDvF21351@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Thu, 6 Jun 2002 06:13:57 -0700 (PDT)
Subject: [iwar] [fc:Privacy.vs..Security:.A.Bogus.Debate?]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

BUSINESS WEEK ONLINE
JUNE 5, 2002 
 
 SPECIAL REPORT: NEW THREATS TO PRIVACY 
 
 Privacy vs. Security: A Bogus Debate?

Author of The Transparent Society, David Brin says what's needed are
rules and tools to let citizens "watch the watchers"


David Brin is a privacy heretic.  He doesn't agree with those in the
intelligence and law-enforcement communities who argue that Americans
have to surrender freedoms to make their lives safe.  Nor does he agree
with advocates who argue that it makes sense to protect privacy at all
costs -- certainly not if it means living with added insecurity. 

As Brin sees it, security and privacy shouldn't be construed as rivals:
Instead, he says, everyone will be safer if the government knows a lot
-- within reason -- about its citizens, and if Americans know a lot more
than they do now about how the government uses their information. 

Brin may be provocative, but he's not crazy.  A PhD in space physics and
sci-fi author, Brin argues that security is advanced by openness rather
than secrecy.  Many of his views are laid out in his 1998 book about
privacy The Transparent Society.  The march of increasingly intrusive
technology is unstoppable, he reasons, so why fight it?

FLASHLIGHTS FOR ALL.  Rather, Brin would give everyone access to the
same information, at least most of it.  "We can stand living exposed to
scrutiny, if in return we get flashlights of our own that we can shine
on anyone who might do us harm," he argues. 

Brin's views have earned him the ire of mainstream privacy advocates. 
No wonder.  He calls them ideologues and says they failed to fight for
important oversight of new powers Congress awarded the Justice Dept. 
after September 11.  At the same time, though, he thinks that if
Attorney General John Ashcroft wants to know more about individual
Americans, they should have the right to know a lot more about his
methods -- much as the country ultimately learned about the machinations
of legendary FBI Director J.  Edgar Hoover. 

On May 29, Brin spoke with BusinessWeek Online technology reporter Jane
Black about how privacy and security could work hand-in-hand -- and ways
to ensure they do.  Edited excerpts from that conversation follow:

Q: Privacy is always discussed with the idea that, in order to have it,
there has to be a trade-off for security.  You don't believe this is
true.  Why? A: It's a devil's dichotomy: false and unnecessary, but
widely promulgated since September 11.  Look at the actual events on
that tragic day.  The only measures that thwarted our enemies and
mitigated the harm were taken by private individuals. 

All the important video footage, all the vital cell-phone calls that
started the evacuation, were made by private citizens.  The rebellion on
United Flight 93 [which crashed in Pennsylvania].  The debunking of
hoaxes [was] an unsung contribution during the week that followed.  All
these important measures were taken by a huge ensemble of individuals
who had access to information and the rapid means to share it. 

I won't denigrate our professionals.  They protected us before that day,
and they are doing their best now.  But failure happens.  They failed on
September 11...and notice how civilians leaped to fill in.  It points
out the stupidity of relying on just one method of error-detection and
harm-prevention. 

The 20th century was one long, monotonic increase in the degree to which
citizens rely on paid professionals -- to grow food, to provide means of
life, and to protect them from harm -- and that trend simply can't go
much further. 

I'm not saying that professionalism won't improve.  It must.  But the
complex problems that we're facing will overwhelm any hypothetical level
of professional competence.  Our only hope is to supplement
professionals with a skilled, fiercely independent, and keen-eyed
citizenry. 

Q: Why, then, is there a widespread belief that the opposite is true? A:
On the airwaves, we keep seeing these staged confrontations between some
civil libertarian and a security expert, screaming like pro wrestlers. 
The security expert says, "We must get used to surrendering traditional
freedoms to make life safe for our children." The civil libertarian
howls back, "We must all courageously endure a certain amount of
insecurity for liberty's sake."

What happens when the camera goes off? They give each other high-fives
for a great entertaining riff -- and all the consultancy and speaking
engagements pouring in.  Meanwhile, they're spreading a poison: the
concept that we must choose between two vital things.  Nobody tells me I
must choose between safety for my children and their freedom.  It's a
nonstarter. 

Q: So how do we redefine privacy? A: We have to think about protecting
data that can cause harm, rather than about protecting all data.  We
desperately need a core of privacy, but that word will be redefined year
by year by agile citizens.  We'll learn to pick and choose a few
secrets.  What salad dressing you bought will wind up being as open and
public as the color of the sweater you wear on the street.  And you'll
care about it as much. 

Common citizens are more sensible than elite privacy activists, who
sneer at the public for using supermarket club cards [in return for
which they have to reveal a lot about themselves].  "They're
surrendering their sacred information," [the privacy advocates argue]. 

But people aren't clueless.  They know the supermarket is correlating
their purchases in order to decide which coupon to give them.  They
choose not to consider that harmful.  Shifting the discussion from pure
ideals to a scale of harm would let us focus on a range of pragmatic
choices -- which secrets to hold onto and which aren't worth the effort. 
But purists don't see it that way. 

Q: So what should be private? A: Information that can cause harm.  The
secret location of the shelter for battered wives, psychiatric records,
or medical records that could bias someone against you.  The trade-off
is always that someone else may need the information in order to
legitimately hold you accountable. 

Moreover, anyone in a position of power over others should be held to a
higher standard of scrutiny.  Elites traditionally try using power and
influence to escape accountability.  It's human nature.  No need to be
angry about it.  We do need to prevent it. 

The interesting thing is that our culture is already tuned to this
wisdom.  The most common message in all popular entertainment is
suspicion of authority.  Name a popular film in the past 30 years where
the hero didn't bond with the audience by sticking it to some authority
figure.  We differ mostly in which authority we dread -- government,
aristocracy, corporations, criminals, intellectuals.  But notice the
shared pattern.  It has kept us free. 

Q: Making most information available to anyone and everyone is scary,
though.  I always think about a scene in William Gibson's novel
Neuromancer, where a man is walking down the street and passes a pay
phone.  It rings, and it's for him.  He doesn't want to talk, so he
hangs up and keeps walking.  He passes another pay phone.  It rings --
and so does the next one.  Is this unrealistic? More important, is it
dangerous? A: Everybody assumes Big Brother will have the worst kind of
transparency, the kind that works in his favor, one-way transparency. 
We're tuned to worry about that.  Few pundits notice that we've already
found the answer -- make the telescreen look both ways. 

If those sneaky people chasing that man down the street were subject to
his own counterscrutiny -- and civil penalties that he could enforce for
harassment -- that's more effective than passing some futile
[privacy-protection] law.  You won't ever stop elites from seeing you. 
But recent history proves that you can look back. 

Q: How? That's the problem.  People feel powerless.  A: We look back all
the time.  We have open-meeting laws and class actions.  We have the
Freedom of Information Act and adversarial legal disclosure.  It's
almost instinctive in our system.  When professionals ask for more
information, we demand that they strip a little more naked. 

We stripped the most powerful man in the world [Bill Clinton] down to
his underwear a few years back.  Some on the radical right didn't like
the way we punished him, with a yawn and a wrist-slap.  But that's the
people's privilege.  What's important is that citizens went along with
the relentless search for facts.  Only later did they decide to yawn. 

Q: Has the American public responded appropriately since September 11?
Have we demanded enough oversight? A: We didn't panic.  And [Attorney
General] John Ashcroft seems to understand that.  He asked for a only
few, incremental new powers.  But notice, he didn't offer any increased
accountability in exchange.  Nor is it his job to say, "in return for
these new powers of sight, I'm going to strip a little more naked."

It's our job to demand more oversight, to make sure that the telescreen
looks back at Big Brother.  Our advocates let us down this time.  All
they did was futilely rail against Ashcroft.  When he stepped over their
line in the sand, they retreated and drew a new line.  That's not what
works. 

What works is to dangle new eyeglasses in front of the Attorney General
and say: "You don't get these until you strip.  Go ahead, strip." We
need more insight into how and when the government uses its new power. 
We need more accountability. 

Q: How do we implement oversight? A: There are so many possible ways. 
Here's just one: give us an autonomous Inspector General of the U.S. 
Today, the inspectors in each Cabinet department report -- and owe their
jobs -- to the people they are supposed to watch. 

The IG should be its own dedicated corps, like a public health service
or Coast Guard, with real oaths and a fierce code of conduct.  That's
just one way we could demand to see better [what others know about us]. 
To watch the watchers. 

The truth is, our professionals may honestly need to see a whole lot
better right now.  We shouldn't refuse them important tools or assume
that our freedom depends on government blindness.  What we do need is to
keep reminding government that it's a dog we own.  Not a wolf that owns
us.  You don't do that by blinding the dog.  You supervise.  You keep it
on a choke chain. 

Q: What other legislation do we need to make this happen? A: Tell banks
to stop using our Social Security numbers as passwords.  Since you
cannot change it, the SSN is intrinsically a name, not a password.  All
possibility of it harming us would go away if banks stopped this inane
practice.  Alas, the legislation that's proposed [such as Senator Dianne
Feinstein's (D-Calif.) Social Security Number Misuse Prevention Act of
2001] goes in the wrong direction, banning the SSN as a unique,
universal identifier. 

Q: In your book, you talk about the illusion of privacy.  Is society's
inaccurate belief that privacy really exists holding us back from
finding innovative ways to protect our personal information? A: Let me
emphasize again: Without some privacy, we couldn't stay human.  But
we'll be better equipped to defend a core of essential privacy if our
overall civilization is open enough to let us catch the Peeping Toms and
power abusers. 

Better, more intrusive technology is going to limit our [ability to stay
anonymous].  In 5 or 10 years, you'll have eyeglasses that scan any face
on the street, look it up on the Internet, and provide captions as you
walk by.  This will be a return to the village of our ancestors, where
they recognized everyone they saw.  No one will be a total stranger. 

Chilling? Yes.  But should we try to ban this technology? No.  That
would only limit it to some elite -- whichever elite you happen to fear. 
Then, someone passing you on the street will glance at you and break out
laughing, and you'll know they can see you, really see you.  And you
won't be able to look back. 

The village is returning, alright.  But we may still decide which kind. 
Is it a benign village that appreciates eccentricity and diversity? One
where all elites have to watch themselves and avoid abusing power?


Will it be the good village of the Andy Hardy movies, where no one is
neglected and no one has to conform? Or will it be the bad village of
Babbitt, dominated by secret patricians and citizens who are cowed by
busybody gossips?

Technology seems to foretell a world village, whether we like it or not. 
But we still can choose which kind. 


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/Zr0HAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:Terrorism.Open.Source.Intelligence.Report]"
Previous message: Fred Cohen: "[iwar] [fc:Heads-Up.To.Ashcroft.Proves.Threat.Was.Known.Before.9/11]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT