Collaboration

Would giving up some privacy help you (and your network)?

Privacy and security are definitely at opposite ends of the spectrum when it comes to the Internet. In order to get more security than we have now, we are going to have to give up some privacy. However, the two concepts are far from a zero-sum game, there are many grey areas that we can work with to get some meaningful security in the long run.

Privacy and security are definitely at opposite ends of the spectrum when it comes to the Internet. In order to get more security than we have now, we are going to have to give up some privacy. However, the two concepts are far from a zero-sum game; there are many gray areas that we can work with to get some meaningful security in the long run.

Defending "Fixing the Internet" (Infoworld)

New Jersey's Supreme Court has come down on the side of privacy, ruling that ISPs cannot give up customer information without a warrant. Unfortunately, something will have to be done about security as identity and information theft have become a huge underground business. Criminals are not the only ones using information for profit, as Charter Communications has begun finalizing plans to give customer tracking data to a company that delivers targeted advertisements.

NJ's Top Court to Rule on Internet Privacy (NJ.com)

NJ Supreme Court Rules for Internet Privacy (Slashdot)

Charges Filed in Internet Privacy Theft (The Hartford Courant) Charter in Privacy Hot Seat over Web Tracking (PC World) I am on record as being squarely on the side of privacy, but I do agree that there are reasonable steps that could be taken (theoretically) to help ensure security while giving users the ability to control the use of their personal information. I personally believe that e-mail servers should have to authenticate with each other to pass mail back and forth to cut down on spam. I also believe that people should have the right to be as anonymous, or as open, as they like. Unfortunately, there isn't an organization out there that I trust to administer a private information store like the one described in the Infoworld article. I certainly don't trust the government to do it, and everyone else wants to make money off of that data. Do you think that there is common middle ground that security and privacy advocates can meet on?
21 comments
Andy J. Moon
Andy J. Moon

How much privacy would you be willing to give up in order to gain more security from threats like malware, viruses, and spam?

Penguin_me
Penguin_me

"Privacy and security are definitely at opposite ends of the spectrum when it comes to the Internet." Really ? According to so many articles, including by everyone's favourite security Guru, Bruce Schneier (www.http://www.schneier.com/) this simply isn't true (cite: http://www.schneier.com/blog/archives/2008/01/security_vs_pri.html ) to quote Bruce: "We've been told we have to trade off security and privacy so often -- in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric -- that most of us don't even question the fundamental dichotomy. But it's a false one. Security and privacy are not opposite ends of a seesaw; you don't have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it's based on identity, and there are limitations to that sort of approach." Why do people believe that to be secure we can't have privacy ? If I secure my personal computer, it's protecting my privacy as well as security... Final quote (from the above cite'd article); "If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither."

brudab
brudab

Just as law officers need to do their jobs properly to catch a non-cyber criminal e.g. murderer or thief, they should upgrade their skills to be able to detect and apprehend cyber criminals without infringing on our rights. For example, say a guy is robbed on your street, would the police search every house on the street unless they had compiled a suitable amount of evidence to do so? Then why is has it been made legal for law officers to search the contents of our computers for evidence of a crime even when there is no reason to believe one was committed?

$$$$$$$$$$
$$$$$$$$$$

But my questions were intended to focus on the fact that ignorance tends to make all behavior appear "suspicious" to those who don't understand it. Their imaginations concoct nonsense like "she turned me into a newt." http://www.hbci.com/~wenonah/history/ergot.htm I got bettah!

DanLM
DanLM

sorry, I went off topic... Dan

DanLM
DanLM

Your car is searched. Reasonable doubt. They have to ask permission. You say yes. You have a brief case that is locked on your back seat. He asks for the key. Do you give it to them? You have already said they could search. What is the difference. If you locked the brief case, there is quite obviously material you do not want others to see. Is it personal? And yes, the brief case should be searched. Drugs, contacts, porn. Why was you searched in the first place. No, I'm not saying you abso. Hope you know that. That is nothing but a way of trying to explain what I was talking about. Dan

$$$$$$$$$$
$$$$$$$$$$

[i]Suspicious behavior. Police officer asks to search the car. The answer is yes. This police officer searches glove compartment(finds pda), trunk(finds laptop). What then?[/i] Does the pda or laptop have anything to do with the unspecific, suspicious behavior? If so, what?

$$$$$$$$$$
$$$$$$$$$$

"I'm being a hell of a lot more realistic about it" because I'm talking about the officers with jurisdiction. Or, don't they really respect jurisdictional boundaries?

DanLM
DanLM

Beat cops do pull over or search house's, cars, and persons. This is on the spot searches? Will any electronic devices be confiscated at that point till more technical individuals would be available? This duty is performed by all police officers no matter what the size of the localities. Let's carry it further. By your argument, there would be specialized individuals who would be responsible for the technical searches. Does that mean, I lose my valuable electronic device until they have performed the technical search? Larger city, 60,000 again will be my example. Smaller localities also utilize the technical staff for this type of function. Backlog of this type of searches because of this I am a buisness man that has had his electronic device confiscated till a search can be performed. There was probable cause that will stand up in court. How long do I go without my device? till the search is completed. Shoot. Major highway. Highway patrol. Pulled over for speeding/broken headlight. Suspicious behavior. Police officer asks to search the car. The answer is yes. This police officer searches glove compartment(finds pda), trunk(finds laptop). What then? Again, realistic. I don't think I am being cynical, trying not to be anyway. And thank you for the reply. Dan

s31064
s31064

This is going to be a long one as I'm quoting and answering other posts, so if you're not really interested, skip it. brudab@...: "The law needs to play catch up. Just as law officers need to do their jobs properly to catch a non-cyber criminal e.g. murderer or thief, they should upgrade their skills to be able to detect and apprehend cyber criminals without infringing on our rights." DanLM: "What do you think the basic skills of a police officer are? 1). Knowledge of the law? 2). Knowledge of firearms? 3). Knowledge of investigative procedures? "Agree for the most part? I'm talking about your average police officer, maybe up to sergeant???" When was the last time you saw, heard, or read about a beat cop (patrol officer for the politically correct) solving a crime? Outside of TV, I mean? Their job is to prevent crime from happening, and aid in the capture of identified persons after a crime is solved. No one comes out of the academy and immediately becomes a Detective. Detective is a rank, and it comes not only from passing tests, like Sergeant, it comes from a combination of tests, past performance, and recommendations from supervisors. Once you become a Detective, you are assigned to a division suited to your qualifications; robbery, homicide, vice, etc. IT should simply become another division within the force. brudab@...: "For example, say a guy is robbed on your street, would the police search every house on the street unless they had compiled a suitable amount of evidence to do so? Then why is has it been made legal for law officers to search the contents of our computers for evidence of a crime even when there is no reason to believe one was committed?" It is no more legal for a law officer to hack your computer than someone from Warez or Phreaks. It does become legal when, and only when, the information is obtained under warrant, which is only signed when sufficient evidence of a crime has been submitted to a judge for approval. DanLM: "How much IT skill do you expect them to have? 1). Know what should and should not be on a computer based on operating system? How many operating systems are there? 2). Be able to identify document files? How many office suites are there? 3). Be able to recognize all the file types of all the different graphic types? "Would you expect EVERY police officer to have this knowledge? If not, would you expect EVERY police department to have at least 1 knowledgeable person on staff? Would there be specific criminal IT investigation training to meet this criteria?" Obviously not every officer is going to be able to decipher the information gathered from someone's computer. As I said above, the divisions within a detective squad are specialized. Every police department has access to the same resources outside their own department. The FBI, NYPD, LAPD, and I would have to believe, every other major city police force, all supply help and resources to the smaller departments that request help, whether it's computer forensics, DNA testing, psychological profiling, whatever. Mayberry, RFD, can ask Mount Pilot for help, and has the right to request help from any federal investigative bureau. These resources not only provide help on specific cases, most also practice the 'give a man a fish, feed him one day, teach a man to fish, feed him forever' theorum. Anywhere from 10 - 25% of any graduating class from the NYPD Police Academy are NOT from the NYPD. DanLM: "For someone to have such a wide base of knowledge in various areas, law, investigation, and now IT. They don't make crap. And they get shot at." Anyone becoming a police officer knows the pay and the risks going in. The job requirements are the job requirements, period. Don't get me wrong, I'm not being anti-cop when I say that. My father was a retired cop (20 years, NYPD), my uncle was a sergeant (27 years, NYPD), and my aunt was in the DA's office so long the DA forced her to retire because she could make more from her pension and package than she was making as a salary (47 years, RCDA). The only reason I wasn't a cop was because I failed the medical (heart murmur). DanLM: "Its all fine and dandy to say they need more training. But you need to be specific, and don't forget the big one here. Who is going to pay for it. Remember jobs are being lost. Tax revenue is going down. Business's are closing." It's a 'cost of doing business' for every municipality. The money is there, the priorities may have to be adjusted, but the money is there. DanLM: "How about some specifics here of exactly what you mean. "And again, I don't disagree with your position. I just think I'm being a hell of alot more realistic about it." The specifics are above, and the word isn't realistic, the word is cynical.

RFink
RFink

It's the judges who issue the warrents. It's scary to think that judges with the computer knowledge of a gnat can issue warrents because a DA makes a good sounding case.

DanLM
DanLM

Ok, I don't disagree. But What do you think the basic skills of a police officer are? 1). Knowledge of the law? 2). Knowledge of firearms? 3). knowledge of investigative procedures? Agree for the most part? I'm talking about your average police officer, maybe up to sergeant????? Add in IT skills. Again, agree. They need the knowledge. Now, lets look at the average salary of a police officer? Where i use to live, it was under 15 dollars an hour for outlieing suburbs. City police(60,000 population area) most likely had salary's in eh? 30,000 a year? How much IT skill do you expect them to have? 1). Know what should and should not be on a computer based on operating system? How many operating systems are there? 2). Be able to identify document files? How many office sweats(how ever you bloody spell this) are there? 3). Be able to recognize all the file types of all the different graphic types? For someone to have such a wide base of knowledge in various areas. law, investigation, and now IT. They don't make crap. And they get shot at. They deserve more compensation if you are expecting them to have more knowledge. Would you expect EVERY police officer to have this knowledge? If not, would you expect EVERY police department to have at least 1 knowledgeable person on staff? Would there be specific criminal IT investigation training to meet this criteria? Its all fine and dandy to say they need more training. But you need to be specific, and don't forget the big one here. Who is going to pay for it. Remember jobs are being lost. Tax revenue is going down. Business's are closing. How about some specifics here of exactly what you mean. And again, I don't disagree with your position. I just think I'm being a hell of alot more realistic about it. Dan

$$$$$$$$$$
$$$$$$$$$$

[i]For example, say a guy is robbed on your street, would the police search every house on the street unless they had compiled a suitable amount of evidence to do so? Then why is has it been made legal for law officers to search the contents of our computers for evidence of a crime even when there is no reason to believe one was committed?[/i] The lawmakers certainly don't display the knowledge of computers to speak intelligently of what would constitute "probable cause" or "reasonable suspicion" of criminal use of a computer. To such ignoramuses, almost everything interesting looks "fishy."

$$$$$$$$$$
$$$$$$$$$$

The right to be left alone in one's home is inalienable, and the right to be free of unwarranted search and seizure includes surreptitious search and seizure. I appreciate your clear, sensible words on the topic of privacy.

RFink
RFink

Privacy is the right to do something illegal and not get caught?

Penguin_me
Penguin_me

First, I agree with the other poster applauding your comments. Now, onto the comment: Privacy is defined as (among other things) "...the ability of an individual or group to keep their lives and personal affairs out of public view, or to control the flow of information about themselves." it may be the case that privacy aids not getting caught, but that's a bi-product, as opposed to the point.

wayoutinva
wayoutinva

Privacy is like the curtains on your windows at home. If you want the neighborhood to know your business open the curtains...if you dont welll...

DanLM
DanLM

I have come to look forward to seeing what you have to say or ask. No, I am not trying to flame you. In my stumbling way, i am trying to compliment you. Don't always agree, but damn. You go straight to the point in 3 words or less. Which is something I do truly appropriate. Dan

RFink
RFink

My dad taught me never to accept the common wisdom on faith and never be afraid to question authority (except his :) ).

bboyd
bboyd

Privacy is not something you give up for security. Seems like many want to treat the Internet and computers as the ethical equivalent of a public space like the mall. It should be morally equivalent to my private space like the bedroom. I'd like to point out also that Anonymity is not privacy. If you wore a mask to the mall you'd have the cops called on you. In your bedroom its redundant. But if you took the contents of your wallet and other records and wore them on your shirt in the mall people would think your and idiot. Put them back in your wallet/purse. In your bedroom you should feel safe putting that on the dresser or open. Security, not having that wallet stolen or being attacked, does not obviate the validity of privacy. But anonymity does not help only hinders. Anyone think that someone breaking into your computer is not the similar to breaking into your home? Putting my family name on the front door doesn't change the need for a door lock. /rant_off

Editor's Picks