Security, Privacy and Computers
Security is the means by which one makes it difficult for another forcibly to obtain information, whereas privacy is the means by which one makes information unavailable. Privacy and anonymity have been taken for granted in daily life since time started. We buy groceries and movie tickets with cash, we browse at store windows without showing any identification, and we look at newspapers without anyone knowing which particular article we are reading. Lovers have always whispered sweet words in each other’s ears in private, and even some formal written and oral communications — such as privileged discussions between lawyer and client – have enjoyed legally sanctioned confidentiality in civilized societies
This is all changing very rapidly simply because technology makes it easy to break confidentiality. The incentive to violate individuals’ privacy exists both in commercial and in government sectors. Commerce has realized the cost-effectiveness of directed advertising to those already known to have an interest in what is being peddled, and has been deploying increasingly sophisticated technical means of identifying who likes what. Repressive governments, which have always feared any dissent, have availed themselves of even more intrusive technologies to create and maintain vast databases about people in order to identify any and all dissent so as to nip it in the bud; sadly, even democratic governments have played up citizens’ insecurities and have done the same under the guise of protecting us from each other. One should not forget Montesquieu’s words: ‘there is no greater tyranny than that which is perpetrated under the shield of law and in the name of justice’. Nor should we forget the words of William
Pitt, British Prime Minister, on 18 November 1783: ‘Necessity is the plea for every infringement of human freedom; it is the argument of tyrants; it is the creed of slaves’. It is perilous to assume the position that ‘I have done nothing wrong, so I am safe’. Holocaust victims had done nothing wrong either but had a lot to fear, and the same is true for numerous executed individuals who have been exonerated post-mortem as a result of DNA testing.
Furthermore, privacy is an essential element of freedom and does not imply any wrongdoing. We shower in private, we try to keep our medical records private, and we use curtains to keep others’ gazes out of our personal and family lives. With the ubiquitous use of personal computers to which we entrust a lot of such private information, there is no reason why we should accept that our privacy ends the moment we touch the keyboard of that personal computer.
Prompted by the much-publicized open availability of strong encryption, many individuals have incorrectly assumed that encryption is the cure-all antidote to the increasing erosion of individual privacy. It is not. Just like a courier of expensive jewels would be ill-advised to stand out by advertising what he or she is carrying, one should not want to stand out by taunting an oppressive regime with encryption in a sea of unencrypted traffic; discretion and unobtrusiveness – without excluding camouflaged encryption – is often far better and more secure. Also, just like a fancy padlock on one’s front door is counterproductive if the back doors and windows are not secured, encryption can give one a false sense of security that is worse than no security at all if one’s electronic ‘back doors and windows are left unsecured.
Trackback from your site.