I'm amazed that we are ever asked to choose between security and privacy, as if those two concepts are mutually exclusive. Privacy is important, and so is security, and we don't have to give up one to get another. After all, the TSA could very easily start a biometric database of KNOWN terrorists and then compare those to anybody attempting to pass through security checkpoints. That doesn't require collecting or saving personal information about ordinary citizens, but if you get a match then you can pull the (stupid) terrorist aside and arrest or detain the individual as appropriate. It's kind of anti-authentication...if you don't present one of the passwords the system is looking for, you get in. Yeah, yeah, I know getting a biometric database of known terrorists isn't exactly an easy thing to do, and of course that won't stop people with "clean" backgrounds such as the college student assassination cell that was activated under orders from Abu Nidal to kill Col. Oliver North and his family. The opposite approach, which it sounds like the TSA is taking, is to have travelers prove they are a person who is not on the bad list before allowing them through. This can ultimately be ac! complished if the states implement highly tamper resistant driver's licenses and state ID's that can be used as part of an instant background check at the security checkpoints, and if your record is clean you get to pass through the security perimeter. There are pitfalls with both approaches. Anyway, I don't believe that security and privacy are mutually exclusive any more than security and "business" are mutually exclusive. In the real world, there is a cost to security, and here is where I think security practitioners and those on the receiving end of the security fail... I believe security practitioners provide ineffective solutions when they... (a) don't keep the big picture of risks in context, (b) don't consider enough the cost of their proposed solutions and the impact on that which they are trying to protect, (c) try to eliminate risk instead of managing it, and (d) don't think out-of-the-box Another side to this story that I believe is equally important is that those on the receiving end of security solutions tend to overreact when they... (a) wrongly fixate on the cost given for security as the cheapest that particular amount of security costs, (b) refuse to acknowledge the benefit of risk mitigation even though it can't eliminate risk, (c) fail to understand the right vs. privilege concept that Jimmy alluded to, and (d) undermine attempts to make the situation better in order to prove a point, as opposed to offering constructive counter-proposals Nobody ever said security was an easy business. Whether we're talking information security, physical security, or national security, the underlying challenges are the same: we have finite resources and can not possibly protect every everything we hold dear against every enemy, who is capable of striking at any time and via any method imaginable by the human mind. In business, we have the easier task, if that's supposed to be any consolation, because the worst that can happen is a terrible business mishap that costs the shareholders and perhaps others lots of money. In extreme cases, many lives could be financially ruined. However, when it comes to national security many lives are on the line. After all, no city is going to vaporize under a mushroom cloud if a company's information security program is inadequate. If you stop and consider your job as a security practitioner, imagine how challenging it would be if your job was to defend America against this new enemy we face. Okay, granted radical Islam has been waging a war we refused to acknowledge since the Iranians took hostages during the Carter administration, but it's relatively new compared to the Marxist enemy of the past century. Homeland security has only recently become a top national priority of the government, and I believe things will get better in time as long as we work with the government to make things better rather than just simply slinging mud and undermining honest good faith efforts to make America safer. Maybe the reason we get let down by our national leaders so much is that we hold them up to be infallible super humans, when in reality they are frail flawed mortals just like you and me? Anyway, I trust the current administration. Some of you may not, but I believe they are acting in good faith. You won't! find a stronger supporter of civil rights than John Ashcroft, and the proof of that is his staunch and unwavering support of the Right to Keep and Bear Arms. So to make a long story short, I don't think security and privacy are mutually exclusive. ...and, yes, anybody who claims to care about civil rights and liberties had darn well better respect and fight for the Right to Keep and Bear Arms. There's a reason why so many people consider it the First Freedom, and that is because it is the insurance policy that protects all the rest :) Greg Disclaimer: These are my opinions. I do not speak for my employer. -----Original Message----- From: Warren Harrison [mailto:warren@private] Sent: Monday, June 09, 2003 7:41 AM To: 'CRIME ' Subject: Re: CRIME Privacy Vs Security Glad everyone feels that way about our Constitutional guarantees. Especially the part about the "preserving our freedoms against an external threat". I assume the same goes for the Second Amendment? WH Kuo, Jimmy wrote: >"When your fist meets my nose." > >Not quite "never." But not too far away either. > >-----Original Message----- >From: Crispin Cowan >To: Shaun Savage >Cc: CRIME >Sent: 6/8/03 2:52 PM >Subject: Re: CRIME Privacy Vs Security > >Shaun Savage wrote: > > > >>Senator Wyden fights for privacy! >> >>The question I ask the group is "At what point does security out weigh >> >> > > > >>the privacy and freedoms that America should offer?" >> >> > >IMHO, approximately never. The only purpose in compromising our freedoms > >is to preserve our freedoms from an external threat. This is almost >never required, and almost always a mistake. And since the fall of the >Soviet Union, there basically is no external threat to our freedoms, >only to marginal amounts of property and small numbers of civilians. > >In no way what so ever are infringements on our liberties such as the >odious PATRIOT act justified by the meagre threat imposed by Osama bin >Laden and his shabby ilk. > >Crispin > > > >http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/06/08/MN253740.DTL > >Wyden is way down at the bottom. Good for Wyden; glad to see him showing > >some backbone against the administrations ham-fisted grabs at our civil >liberties. > >Crispin > > > -- ====================================================================== Warren Harrison, EIC/IEEE Software Magazine warren@private Department of Computer Science http://www.cs.pdx.edu/~warren Portland State University PHONE: 503-725-3108 Portland, OR 97207-0751 FAX: 503-725-3211
This archive was generated by hypermail 2b30 : Tue Jun 10 2003 - 00:16:04 PDT