Security Shouldn’t Trump Privacy – But I’m Afraid It Will


The NSA and security agencies from other countries are shooting for total surveillance, for complete protection against terrorism and other crimes. This creates the potential for too much knowledge falling one day in the wrong hands.

An NSA contractor, Edward Snowden, takes it upon himself to gather a mountain of secret internal documents that describe our surveillance methods and targets, and shares them with journalist Glenn Greenwald. Since May of this year, Greenwald has provided us with a trickle of Snowden’s revelations… and our elected officials, both here and abroad, treat us to their indignation.

What have we learned? We Spy On Everyone.

We spy on enemies known or suspected. We spy on friends, love interests, heads of state, and ourselves. We spy in a dizzying number of ways, both ingenious and disingenuous.

(Before I continue, a word on the word “we”. I don’t believe it’s honest or emotionally healthy to say “The government spies”. Perhaps we should have been paying more attention, or maybe we should have prodded our solons to do the jobs we elected them for… but let’s not distance ourselves from our national culpability.)

You can read Greenwald’s truly epoch-making series On Security and Liberty in The Guardian and pick your own approbations or invectives. You may experience an uneasy sense of wonder when contemplating the depth and breadth of our methods, from cryptographic and social engineering exploits (doubly the right word), to scooping up metadata and address books and using them to construct a security-oriented social graph.

We manipulate technology and take advantage of human foibles; we twist the law and sometimes break it, aided by a secret court without opposing counsel; we outsource our spying by asking our friends to suck petabytes of data from submarine fiber cables, data that’s immediately combed for keywords and then stored in case we need to “walk back the cat”.


Sunday’s home page of the German site Die Welt

The reason for this panopticon is simple: Terrorists, drugs, and “dirty” money can slip through the tiniest crack in the wall. We can’t let a single communication evade us. We need to know everything. No job too small, no surveillance too broad.

As history shows, absolute anything leads to terrible consequences. In a New York Review of Books article, James Bamford, the author of noted books on the NSA, quotes Senator Frank Church who, way back in 1975, was already worried about the dangers of absolute surveillance [emphasis mine]:

“That capability at any time could be turned around on the American people and no American would have any privacy left, such [is] the capability to monitor everything: telephone conversations, telegrams, it doesn’t matter. There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology…. I don’t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return.”

From everything we’ve learned in recent months, we’ve fallen into the abyss.

We’ve given absolute knowledge to a group of people who want to keep the knowledge to themselves, who seem to think they know best for reasons they can’t (or simply won’t) divulge, and who have deemed themselves above the law. General Keith Alexander, the head of the NSA, contends that “the courts and the policy-makers” should stop the media from exposing our spying activities. (As Mr. Greenwald witheringly observes in the linked-to article, “Maybe [someone] can tell The General about this thing called ‘the first amendment’.”)

Is the situation hopeless? Are we left with nothing but to pray that we don’t elect bad guys who would use surveillance tools to hurt us?

I’m afraid so.

Some believe that technology will solve the problem, that we’ll find ways to hide our communications. “We have the solution today!” they say. We already have unbreakable cryptography, even without having to wait for quantum improvements. We can hide behind mathematical asymmetry: Computers can easily multiply very large numbers to create a key that encodes a message, but it’s astronomically difficult to reverse the operation.

Is it because of this astronomic difficulty — but not impossibility — that the NSA is “the largest employer of mathematicians in the country”? And is this why “civilian” mathematicians worry about the ethics of those who are working for the Puzzle Palace?

It might not matter. In a total surveillance society, privacy protection via unbreakable cryptography won’t save you from scrutiny or accusations of suspicious secrecy. Your unreadable communication will be detected. In the name of State Security, the authorities will knock on your door and demand the key.

Even the absence of communication is suspect. Such mutism could be a symptom of covert activities. (Remember that Bin Laden’s compound in Abbottabad was thoroughly unwired: No phones, no internet connection.)

My view is that we need to take another look at what we’re pursuing. Pining for absolute security is delusional, and we know it. We risk our lives every time we step into our cars — or even just walk down the street — but we insist on the freedom to move around. We’re willing to accept a slight infringement on our liberties as we obey the rules of the road, and we trust others will do the same. We’re not troubled by the probability of ending up mangled while driving to work, but the numbers aren’t unknown (and we’re more than happy to let insurance companies make enormous profits by calculating the odds).

Regarding surveillance, we could search for a similar risk/reward balance. We could determine the “amount of terror” we’re willing to accept and then happily surrender just enough of our privacy to ensure our safety. We could accept a well-defined level of surveillance if we thought it were for a good cause (as in keeping us alive).

Unfortunately, this pleasant-sounding theory doesn’t translate into actual numbers, on either side of the equation. We have actuarial tables for health and automotive matters, but none for terrorism; we have no way of evaluating the odds of, say, a repeat of the 9/11 terrorist attack. And how do you dole out measures of privacy? Even if we could calculate the risk and guarantee a minimum of privacy, imagine that you’re the elected official who has to deliver the message:

In return for guaranteed private communication with members of your immediate family (only), we’ll accept an X% risk of a terrorist attack resulting in Y deaths and Z wounded in the next T months.

In the absence of reliable numbers and courageous government executives, we’re left with an all-or-nothing fortress mentality.

Watching the surveillance exposition unfold, I’m reminded of authoritarian regimes that have come and gone (and, in some cases, come back). I can’t help but think that we’ll coat ourselves in the lubricant of social intercourse: hypocrisy. We’ll think one thing, say another, and pretend to ignore that we’re caught in a bad bargain.


A lesson of Public e-Policy


The small Baltic republic of Estonia is run like a corporation. But its president believes government must play a crucial role in areas of digital policy such as secure ID.

Toomas Hendrik Ilves must feel one-of-a-kind when he attends international summits. His personal trajectory has nothing in common with the backgrounds of other heads of state. Born in Stockholm in 1953, where his parents had taken refuge from Soviet-controlled Estonia, Ilves was raised mostly in the United States. There, he got a bachelor’s degree in psychology from Columbia University and a master’s degree in the same subject from the University of Pennsylvania. In 1991, when Estonia became independent, Ilves was in Munich, working as a journalist for Radio Free Europe (he is also fluent in English, German and Latin). Two years later, he was appointed ambassador to — where else? — the United States. In 2006, a centrist coalition elected him president of the republic of Estonia (1.4m inhabitants).

One more thing about Toomas Hendrik Ilves: he programmed his first computer at the age of 13, a skill that would prove decisive for his country’s fate.

Last week in Paris, president Ilves was the keynote speaker at a conference organized by Jouve Group, a 3,000-employee French company specializing in digital distribution. The bow-tied Estonian captivated the audience with his straight talk, the polar opposite of the classic politician’s. Here are excerpts from my notes:

“At the [post-independence] time, the country, plagued by corruption, was rather technologically backward. To give an example, the phone system in the capital [Tallinn] dated back to 1938. One of our first key decisions was to go for the latest digital technologies instead of being encumbered by analog ones. For instance, Finland offered to provide Estonia with much more modern telecommunication switching systems, but still based on analog technology. We declined, and elected instead to buy the latest digital network equipment”.  

Estonia’s ability to build a completely new infrastructure without being dragged down by technologies from the past (and by the old guard defending them) was essential to the nation’s development. When I later asked him about the main resistance factors he had encountered, he mentioned legacy technologies: “You in France almost invented the internet with the Minitel. Unfortunately, you were still pushing the Minitel when Mosaic [the first web browser] was invented”. (The videotext-based system was officially retired at last in… 2012. France lost almost a decade by delaying its embrace of Internet Protocols.)

The other key decision was introducing computers in schools and teaching programming on a large scale. Combined with the hunger for openness in a tiny country emerging from 45 years of Soviet domination, this explains why Estonia has become an energetic tech incubator, nurturing big names like Kazaa or Skype (Skype still maintains its R&D center in Tallinn).

“Every municipality in Estonia wanted to be connected to the Internet, even when officials didn’t know what it was. (…) And we played with envy…. With neighbors such as Finland or Sweden, the countries of Nokia and Ericsson, we wanted to be like them.”  

To further encourage the transition to digital, cities opened Internet centers to give access to people who couldn’t afford computers. If, in Western Europe, the Internet was seen as a prime vector of American imperialism, up in the newly freed Baltic states, it was seen as an instrument of empowerment and access to the world:

“We wanted to take the leap forward and build a modern country from the outset. The first public service we chose to go digital was the tax system. As a result, not only did we eliminate corruption in the tax collection system — a computer is difficult to bribe — but we increased the amount of money the state collected. We put some incentives in: When filing digitally, you’d get your tax refund within two weeks versus several months with paper. Today, more than 95% of tax returns are filed electronically. And the fact that we got more money overcame most of the resistance in the administration and paved the way for future developments”.

“At some point we decided to give to every citizen a chip-card… In other words, a digital ID card. When I first mentioned this to some Anglo-Saxon government officials, they opposed the classic “Big Brother” argument. Our belief was, if we really wanted to build a digital nation, the government had to be the guarantor of digital authentication by providing everyone with a secure ID. It’s the government’s responsibility to ensure that someone who connects to an online service is the right person. All was built on the public key-private key encryption system. In Estonia, digital ID is a legal signature. The issue of secure ID is essential, otherwise we’ll end up stealing from ourselves. Big Brother is not the State, Big Brother lies in Big Data.”

“In Estonia, every citizen owns his or her data and has full access to it. We currently have about 350 major services securely accessible online. A patient never gets a paper prescription; the doctor will load the prescription in the card and the patient can go to any pharmacy. The system will soon be extended to Sweden, Denmark, Finland, Norway, as our citizens travel a lot. In addition, everyone can access their medical records. But they can choose which doctor will see them. I was actually quite surprised when a head of State from Southern Europe told me some paper medical records bear the mention “not to be shown to the patient” [I suspect it was France...]. As for privacy protection, the ID chip-card works both ways. If a policeman wants to check on your boyfriend outside the boundaries of a legal investigation, the system will flag it — it actually happened.”

As the Estonian president explained, some good decisions also come out of pure serendipity:

“[In the Nineties], Estonia had the will but not all the financial resources to build all the infrastructure it wanted, such as massive centralized data centers. Instead, the choice was to interconnect in the most secure way all the existing government databases. The result has been a highly decentralized network of government servers that prevents most abuses. Again, the citizen can access his health records, his tax records, the DMV [Department of Motor Vehicles], but none of the respective employees can connect to another database”.
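The two properties the president describes above, that an employee of one registry cannot reach another registry, and that a police lookup of a person outside a legal investigation gets flagged, are a matter of per-registry authorization plus audit. The following Python is an added example of what such an audit check can look like; it is not code from the Estonian system or from the original article. The log format, the agency-to-registry policy, the case list and the log lines are all constructed for the illustration.

```python
"""Audit-log check modelled on two properties of a decentralized registry
design: staff of one agency can query only their own registry, and a police
lookup of a person must cite an open investigation that covers that person.
Added example with a hypothetical log format and constructed data; not the
Estonian system's code."""
import re
from dataclasses import dataclass
from typing import List

# Hypothetical audit record format (constructed):
#   <timestamp> agency=<a> user=<u> registry=<r> subject=<person id> [case=<id>]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) agency=(?P<agency>\w+) user=(?P<user>\w+) "
    r"registry=(?P<registry>\w+) subject=(?P<subject>\w+)"
    r"(?: case=(?P<case>[\w-]+))?$"
)

# Which registry each agency may query (constructed policy).
ALLOWED_REGISTRY = {
    "health": {"medical"},
    "tax": {"tax"},
    "dmv": {"vehicles"},
    "police": {"vehicles", "population"},
}

# Open investigations: case id -> people the case legitimately covers (constructed).
OPEN_CASES = {
    "CASE-2013-017": {"P1001", "P1002"},
}

# Constructed sample log: one clean medical lookup, one cross-registry attempt,
# one legitimate police lookup, one police lookup with no case, one citing an
# unknown case, and one line that is not an audit record at all.
SAMPLE_LOG = """\
2013-11-03T09:12:01Z agency=health user=dr_a registry=medical subject=P1001
2013-11-03T09:15:44Z agency=health user=dr_a registry=tax subject=P1001
2013-11-03T10:02:10Z agency=police user=off_42 registry=population subject=P1002 case=CASE-2013-017
2013-11-03T10:05:33Z agency=police user=off_42 registry=population subject=P2042
2013-11-03T10:07:08Z agency=police user=off_42 registry=vehicles subject=P1001 case=CASE-2013-099
this line is not an audit record
"""


@dataclass
class Alert:
    line_no: int
    user: str
    reason: str


def audit(log_text: str) -> List[Alert]:
    """Return one Alert per log line that violates the policy or cannot be parsed.
    Unparseable lines are flagged rather than skipped: a gap in the audit trail
    is itself a finding."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        match = LOG_RE.match(line)
        if not match:
            alerts.append(Alert(line_no, "?", "unparseable audit record"))
            continue
        rec = match.groupdict()

        # Property 1: an agency's staff reach only their own registry.
        if rec["registry"] not in ALLOWED_REGISTRY.get(rec["agency"], set()):
            alerts.append(Alert(line_no, rec["user"],
                                f"cross-registry access: {rec['agency']} -> {rec['registry']}"))
            continue

        # Property 2: a police lookup of a person must cite an open case covering them.
        if rec["agency"] == "police":
            case = rec["case"]
            if case is None:
                reason = "person lookup with no case reference"
            elif case not in OPEN_CASES:
                reason = f"unknown or closed case {case}"
            elif rec["subject"] not in OPEN_CASES[case]:
                reason = f"subject {rec['subject']} not covered by {case}"
            else:
                continue
            alerts.append(Alert(line_no, rec["user"], reason))
    return alerts


if __name__ == "__main__":
    for alert in audit(SAMPLE_LOG):
        print(f"line {alert.line_no}: {alert.user}: {alert.reason}")
```

On the constructed sample the check reports lines 2, 4, 5 and 6: the doctor reaching into the tax registry, the officer looking up a person with no case, the officer citing a case that is not open, and the malformed record. The check runs after the fact over the audit trail, which is the “the system will flag it” half of the design; the “none of the respective employees can connect to another database” half belongs in the authorization layer that should refuse such a query in the first place, with this audit as the second line of defence.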

The former Soviet Union made the small Baltic state pay a hard price for its freedom. In that respect, I recommend reading CyberWar by Richard Clarke, a former cyber-security advisor in the Clinton administration, who describes multiple cyber-attacks suffered by Estonia in 2007. These actually helped the country develop skillful specialists in that field. Since 2008, Tallinn harbors NATO’s main cyber defense center in addition to an EU large-scale IT systems center.

Toomas Hendrik Ilves stressed the importance of cyber-defense, both at the public and private sector level:

“Vulnerability to cyber attacks must be seen as a complete market failure. It is completely unacceptable for a credit card company to deduct theft from its revenue base, or for a water supply company to invoke cyber attack as a force majeure. It is their responsibility to protect their systems and their customers. (…) Every company should be aware of this, otherwise we’ll see all our intellectual property ending up in China”.


Privacy: You Have Nothing To Fear


Pervasive sensors and IP connections, coupled with the “infinite” storage and computing power in the Cloud, threaten our privacy. We need to defend ourselves and get control of our personal data amassed by private companies and government agencies.

Optimists and pessimists may inhabit opposing camps, but they do have one thing in common: Their inclinations lead to behaviors that verify their prophecies. I’ve chosen my side: I’m an optimist and have been rewarded accordingly. As a reminder of my attitude, to make sure that the occasional frustrations don’t derail my determination, I keep a little figurine from the Provençal Crèche (Nativity Scene) on my desk. He’s called Lou Ravi, the Enraptured One:

The traditional characterization is that of a gent who wanders the world, innocently marveling at the simplest of miracles. (At times, I wonder if he isn’t just a polite version of the village idiot.)

Recently, a seemingly trivial incident cast a shadow over my life-long optimism, an event that awakened dark thoughts about technology’s impact on our privacy.

As I’m driving on the A10 not-so-freeway towards the Loire châteaux, I see my license plate displayed on a sign that tells me that I’m exceeding the speed limit (130kph, about 80mph). This is novel… where we used to have an anonymous flashing nag, now we’re individually fingered. On the one hand, it’s certainly more helpful than a broad, impersonal warning; on the other, it’s now personal.

Stirred from my enraptured stupor, I start counting other ways in which we’re targeted.

Staying within the realm of license plates, we have an official, Wikipedia-sanctioned acronym: ALPR, the Automatic License Plate Reader, a device that’s used (or mis-used) by municipalities to scan every vehicle that enters the city’s limits. An ALPR system is already operational in ritzy Tiburon just north of the Golden Gate Bridge, and it’s being considered in ritzier Piedmont, an island of wealth surrounded by Oakland. The NYPD has used mobile license plate readers to build a “database of 16 million license plates, along with locations where the car was spotted”. (A Google search for Automatic License Plate Reader yields more than 1M hits.)

We also have various flavors of “event data recorders” in our cars. Similar to a plane’s black box, an EDR can regurgitate the sequence of events that preceded a crash. According to the NHTSA (National Highway Traffic Safety Administration), 96% of all 2013 vehicles carry such a device and there is a proposal to make them mandatory in 2015 models.

Insurance companies see the EDR as an opportunity to better evaluate risk so they can offer lower premiums to good drivers. Privacy advocates are concerned that the data could be used for less benevolent purposes:

Though the information is being collected with the best of intentions – safer cars or to provide drivers with more services and conveniences – there is always the danger it can end up in lawsuits, or in the hands of the government or with marketers looking to drum up business from passing motorists.

Again, if you Google “car black box recorder”, you get about 6M hits and a wide range of third-party devices. Some come with a dashboard camera such as we see in American patrol cars (and that have been adopted by a huge number of Russian drivers); others plug into the OBD-II (On-Board Diagnostic) connector that’s present on all modern cars. Combined with accelerometers and precision GPS recording, these draw a very accurate picture of everything we do at the wheel, where, when and how.

It’s not all sinister: With appropriate software, weekend track drivers can visualize and analyze their braking, acceleration, and effective use of apexes. Still, the overall picture is one of omnipresent surveillance. And I’m certainly not encouraged when I read that “anyone with a handheld scanner and access to the port under your steering column can download a wealth of information about your vehicle.”

The regard for privacy that’s demonstrated by the public sector — the government agencies that can have an enormous impact on our lives — is also less than encouraging. We now realize that the IRS reads our email without requiring any authorization or judicial supervision; the DEA complains about iMessage encryption; we have National Security Letters that confer broad and little-supervised snooping powers to US government agencies.

On the private side, Google, Facebook, and cellular carriers amass and trade on our personal data, again, with little or no practical oversight. Try asking any of these companies what sort of information they have on you, to whom they sell it, and if you can have a peek at it.

The litany goes on: Escalating healthcare expenditures give insurers equally escalating incentives to acquire personal behavior data in order to improve their risk calculation (and reject claims). We’re photographed, videoed, and, now, face-recognized everywhere. Try counting the cameras that see you on the street, in stores, elevators, offices.

When we worry about such practices, we get the sort of rote retort infelicitously typified by Eric Schmidt: “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Sure, if you have nothing to hide, you have nothing to fear. All you need to do is lead a pristine life. Drive carefully; wait for the green light before you cross the street; eat a balanced diet; don’t take, view, or exchange the wrong pictures; don’t consort with undesirable people; don’t say or write bad words; don’t inhale the wrong smoke…

This is unrealistic.

If there is nowhere to hide, how can disagreements safely ferment in political life, at work, in relationships? By definition, change disturbs something or annoys someone. And, moving to paranoia, or full awareness, the age-old question arises: Who will guard us from the guardians?

Returning to my now slightly-strained optimism, I hope we’ll support the people and organizations, such as the ACLU and many others, who work for our privacy, and that we’ll use our votes to unseat those who sell us out to private and state encroachers. We can start with demanding a handle on who has what data on us. Playing on Habeas Corpus, it’s already called Habeas Data.

I’m curious to see what Google, Verizon, Orange, Facebook, Amazon and many others know about me. Insights await…