Security & Privacy: An introduction; concepts explained; theory
Security and Privacy, two words that we all can agree are vitally important and an integral part of any successful society. That makes it sound like we’re going to dive deeply into philosophy, politics, and culture – but we’re not deliberately going there. However, because these topics (which are two sides of the same coin) rely heavily upon what is and is not legal, what is and is not moral, and what is and is not culturally viable, the discussion will inevitably include aspects of each of these from time to time.
When we’ve talked about security and privacy before, we’ve heard opinions that we’re being “paranoid”, or “if you have nothing to hide, you have nothing to fear”, and other commentary trying to stigmatize the overall concept of privacy as crazy, insane, or just plain silly. This isn’t the forum for that kind of criticism. To help set the stage for this discussion, let’s define some terms, so we’re all using the same terminology.
What is Privacy?
In the simplest conceptualization, privacy is the state or condition of being free from being observed by other people. In tangible terms, privacy is why we have curtains, drapes, or frosted glass in our bedrooms and bathrooms: we don’t want people watching us while we use the restroom, while we dress and undress, and while we engage in intimate activities. For those of you who would rebut this with “I don’t care if people can see”, I respectfully offer up my perspective as a husband and father who is acutely aware of people who would go out of their way to see my wife or daughters in those situations.
Even if they “didn’t care” if people could see, what those people would do next, having been emboldened by their unobstructed view into their private lives, and enticed by their imaginations based upon those observations, a case of simply voyeurism can quickly turn into something physical – something violent. This steady progression from the alleged “innocent” activity to the obviously violent activity is why privacy should matter to every one of us. A lack of privacy inevitably leads to a lack of security.
What is Security?
Security, as we implied from our definition of privacy, is the state of being free from danger or threat. It is the literal application of privacy, and the direct result of the depth and breadth of the level of privacy to which you enjoy.
Oftentimes the word “security” is used when the word “privacy” is more accurate. For example, a VPN could be said to make web surfing “more secure”; encrypting your chat conversations could be said to make those conversations “more secure”. The more appropriate wording would be that they were made “more private”, but we’ll likely interchange the two from time to time.
An American Bias?
I live in these United States, and have certain Rights that may not be globally available. I’m not bringing this up as a point of privilege, rather, to further lay the foundation upon which this series will be based. Our founding documents (the Declaration of Independence, the U.S. Constitution, and the Bill of Rights in particular) form the context of my perspective.
What’s important here is beautifully described in the Declaration of Independence:
We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. — That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed…
It doesn’t say “that all Americans are created equal”, or “that all citizens of these United States are created equal”. The Declaration of Independence says “that all men (meaning all mankind) are created equal” and “that they are endowed by their Creator” with unalienable Rights. It doesn’t differentiate who your “Creator” is – God, Aten, Allah, Waheguru, Vishnu, Pangu, Jasagnan, Mother Nature, The Big Bang, Chaos, Evolution, or any other being or force of creation.
Similarly, these Rights are given to all by whatever they consider to be their creator, and that these Rights are unalienable. “Unalienable” comes from the Latin alienus, meaning “of or belonging to another”. When prefaced with “un-” it means something which is incapable of being repudiated or transferred to another.
To secure those Rights, Governments are created among us, but those governments derive their powers from the consent of those whom they govern.
Whether you subscribe to that philosophy or not, I do, and it forms the basis upon which I dispel any “American Bias” that you think I may have.
Put another way, regardless of whom you claim to be your “Creator”, it is my belief:
- That those Rights are given to you, the individual;
- That those Rights are unable to be repudiated or transferred to another, or taken from the individual; and
- That Governments are made by individuals with the purpose to protect those Rights.
What’s more, “whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it”. These Rights aren’t exclusively American – and, to be frank, we’ve done a terrible job protecting them. However, I do acknowledge and concede that not all people believe in these Rights, and that not all Governments protect them. Under some Governments, certain applications of privacy or security may be illegal – which isn’t to say that they’re wrong or immoral, just that they may be against someone’s law. I’m not advocating that anyone break the law, and I further acknowledge that laws vary by locale.
When you think that I may have an American bias, please remember that I subscribe to the philosophies ensconced in the Declaration of Independence, and feel that it was written with concepts which apply to all of us. My Right of privacy, or of religion, or of self-defense (etc.), in my view, is no different than your Right to the same.
A Technological Context
This being a website and community that is generally concerned with mobile devices and technologies, discussions that are historical, political, religious, and philosophical in nature are not something that you’ll come across every day. So far what I’ve said sounds like a lot of politics, philosophy, religion, and history. For that, I only partially apologize.
This won’t be a soapbox upon which a certain religious, political, or philosophical ideology is professed. However, it’s important to lay the foundation upon which they are based, to give us a commonality of language and semantics, to define terms, and to set the stage going forward. Future discussions won’t delve much into those “forbidden” topics, but I will refer to them as the context of that discussion dictates.
Back to technology
In today’s world, we’re more connected than we ever have been at any point in the past. Most of us carry around a computer which is many times more powerful than that which was used to land astronauts on the moon or fly cosmonauts around the earth. It fits in our pocket. It connects to the Internet at a speed hundreds of times faster than our desktop computers did just a dozen years ago. The amount of information available to us today eclipses in depth, breadth, and availability that which has ever been around – and all of it available from a little device that we can carry in our hand.
With that technology, however, come concerns of both privacy and security. Recent revelations have shown that governments have tapped into these devices (and the networks to which they connect) to spy on us. To record our phone calls, to track our movements, to listen in on ambient conversations, and so much more.
The more troubling piece to all this is something called “metadata” – data about data. The courts in these United States have upheld the concept that the government doesn’t need a warrant to obtain metadata (I disagree with this interpretation).
To describe how metadata is used, I’ll quote Georgetown University Law Center professor David Cole:
“… knowing the content of a call can be crucial to establishing a particular threat. But metadata alone can provide an extremely detailed picture of a person’s most intimate associations and interests, and it’s actually much easier as a technological matter to search huge amounts of metadata than to listen to millions of phone calls.”
NSA General Counsel Stewart Baker had this to say about metadata:
“…metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.”
Probably the most worrisome comment I’ve heard about metadata to-date was made by General Michael Hayden, former director of the NSA and the CIA. Hayden called Baker’s comment “absolutely correct” and went on to add:
“We kill people based on metadata.”
Let that sink in for a moment:
- Metadata alone can provide an extremely detailed picture of a person’s most intimate associations and interests
- If you have enough metadata, you do need the content of emails, phone calls, text messages, places you’ve visited, or chat conversations
- Metadata tells you everything about somebody’s life
- Governments have admitted to killing people based on metadata
You tell me, do you think privacy should be an important part of your digital life?
With that in mind, welcome to the new Security and Privacy section of Pocketnow!