Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Bruce Schneier's Crypto-Gram, 15 Feb 2008

Bruce Schneier's Crypto-Gram, 15 Feb 2008

Ratings: (0)|Views: 163|Likes:
Published by JP

More info:

Published by: JP on Feb 16, 2008
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as TXT, PDF, TXT or read online from Scribd
See more
See less





CRYPTO-GRAMFebruary 15, 2008by Bruce SchneierFounder and CTOBT Counterpaneschneier@schneier.comhttp://www.schneier.comhttp://www.counterpane.comA free monthly newsletter providing summaries, analyses, insights, andcommentaries on security: computer and otherwise.For back issues, or to subscribe, visit<http://www.schneier.com/crypto-gram.html>.You can read this issue on the web at<http://www.schneier.com/crypto-gram-0802.html>. These same essaysappear in the "Schneier on Security" blog:<http://www.schneier.com/blog>. An RSS feed is available.** *** ***** ******* *********** *************In this issue:Security vs. PrivacyMySpace and U.S. Attorneys General Agree to Fight SexualPredatorsAnti-Missile Technology on Commercial AircraftNewsLock-InHacking Power NetworksSchneier/BT Counterpane NewsMujahideen Secrets 2TSA NewsDHS Warns of Female Suicide BombersGiving Drivers Licenses to Illegal Immigrants** *** ***** ******* *********** *************Security vs. PrivacyIf there's a debate that sums up post-9/11 politics, it's securityversus privacy. Which is more important? How much privacy are youwilling to give up for security? Can we even afford privacy in this ageof insecurity? Security versus privacy: It's the battle of the century,or at least its first decade.In a Jan. 21 "New Yorker" article, Director of National IntelligenceMichael McConnell discusses a proposed plan to monitor all -- that'sright, *all* -- Internet communications for security purposes, an ideaso extreme that the word "Orwellian" feels too mild.
The article contains this passage: "In order for cyberspace to bepoliced, Internet activity will have to be closely monitored. EdGiorgio, who is working with McConnell on the plan, said that would meangiving the government the authority to examine the content of anye-mail, file transfer or Web search. 'Google has records that could helpin a cyber-investigation,' he said. Giorgio warned me, 'We have a sayingin this business: "Privacy and security are a zero-sum game."'"I'm sure they have that saying in their business. And it's preciselywhy, when people in their business are in charge of government, itbecomes a police state. If privacy and security really were a zero-sumgame, we would have seen mass immigration into the former East Germanyand modern-day China. While it's true that police states like those haveless street crime, no one argues that their citizens are fundamentallymore secure.We've been told we have to trade off security and privacy so often -- indebates on security versus privacy, writing contests, polls, reasonedessays and political rhetoric -- that most of us don't even question thefundamental dichotomy.But it's a false one.Security and privacy are not opposite ends of a seesaw; you don't haveto accept less of one to get more of the other. Think of a door lock, aburglar alarm and a tall fence. Think of guns, anti-counterfeitingmeasures on currency and that dumb liquid ban at airports. Securityaffects privacy only when it's based on identity, and there arelimitations to that sort of approach.Since 9/11, approximately three things have potentially improved airlinesecurity: reinforcing the cockpit doors, passengers realizing they haveto fight back, and -- possibly -- sky marshals. Everything else -- allthe security measures that affect privacy -- is just security theaterand a waste of effort.By the same token, many of the anti-privacy "security" measures we'reseeing -- national ID cards, warrantless eavesdropping, massive datamining, and so on -- do little to improve, and in some cases harm,security. And government claims of their success are either wrong, oragainst fake threats.The debate isn't security versus privacy. It's liberty versus control.You can see it in comments by government officials: "Privacy no longercan mean anonymity," says Donald Kerr, principal deputy director ofnational intelligence. "Instead, it should mean that government andbusinesses properly safeguard people's private communications andfinancial information." Did you catch that? You're expected to give upcontrol of your privacy to others, who -- presumably -- get to decidehow much of it you deserve. That's what loss of liberty looks like.It should be no surprise that people choose security over privacy: 51 to29 percent in a recent poll. Even if you don't subscribe to Maslow'shierarchy of needs, it's obvious that security is more important.Security is vital to survival, not just of people but of every livingthing. Privacy is unique to humans, but it's a social need. It's vitalto personal dignity, to family life, to society -- to what makes us
uniquely human -- but not to survival.If you set up the false dichotomy, of course people will choose securityover privacy -- especially if you scare them first. But it's still afalse dichotomy. There is no security without privacy. And libertyrequires both security and privacy. The famous quote attributed toBenjamin Franklin reads: "Those who would give up essential liberty topurchase a little temporary safety, deserve neither liberty nor safety."It's also true that those who would give up privacy for security arelikely to end up with neither.McConnell article from "New Yorker":http://www.newyorker.com/reporting/2008/01/21/080121fa_fact_wrighthttp://arstechnica.com/news.ars/post/20080117-us-intel-chief-wants-carte-blanche-to-peep-all-net-traffic.htmlor http://tinyurl.com/2xkwvuhttp://blog.wired.com/27bstroke6/2008/01/feds-must-exami.htmlTrading off security and privacy:http://www.huffingtonpost.com/ka-taipale/privacy-vs-security-se_b_71785.htmlor http://tinyurl.com/2gdqbnhttp://www.huffingtonpost.com/marc-rotenberg/privacy-vs-security-pr_b_71806.htmlor http://tinyurl.com/2hozm8http://findarticles.com/p/articles/mi_m0GER/is_2002_Winter/ai_97116472/pg_1or http://tinyurl.com/2yk23vhttp://www.rasmussenreports.com/public_content/politics/current_events/general_current_events/51_say_security_more_important_than_privacyor http://tinyurl.com/ypcen8http://www.scu.edu/ethics/publications/briefings/privacy.htmlhttp://www.csmonitor.com/2002/1015/p11s02-coop.htmlFalse dichotomy:http://www.schneier.com/crypto-gram-0109a.html#8http://www.wired.com/politics/law/commentary/circuitcourt/2006/05/70971Donald Kerr's comments:http://www.schneier.com/blog/archives/2007/11/redefining_priv.htmlRelated essays:http://www.schneier.com/essay-008.htmlhttp://www.schneier.com/essay-096.htmlhttp://www.schneier.com/essay-036.htmlhttp://www.schneier.com/essay-160.htmlhttp://www.schneier.com/essay-100.htmlhttp://www.schneier.com/essay-108.htmlhttp://www.schneier.com/essay-163.htmlhttp://arstechnica.com/news.ars/post/20080119-analysis-metcalfes-law-real-id-more-crime-less-safety.htmlor http://tinyurl.com/23h88dhttp://www.schneier.com/blog/archives/2007/09/more_on_the_ger_1.htmlhttp://www.schneier.com/blog/archives/2007/06/portrait_of_the_1.htmlhttp://www.schneier.com/blog/archives/2006/05/the_value_of_pr.html"This essay originally appeared on Wired.com.http://www.wired.com/politics/security/commentary/securitymatters/2008/01/securitymatters_0124or http://tinyurl.com/yr98nf

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->