Balancing Act Between Privacy and Security

Thursday, June 13, 2013

Jarno Limnéll


Detailed news about the global data acquisition methods used by the United States bring up one of the key sources of tension in today’s modern democratic societies: the need to balance between privacy and security.  Both are mandatory – and necessary. Privacy is inherent in our contemporary understanding of democracy, whereas security requires intelligence. The challenge lies in being able to find the right balance while avoiding excesses.

The newly published information should not be ignored. The court order requiring Verizon to hand over customer data, PRISM and Obama’s Presidential Policy Directive 20 all reflect the same difficulties in finding a balance. Citizens’ private information and correspondence are being scrutinized in the name of collective security. At the same time, the legitimacy of intelligence depends on democratic consent/consensus and calls for the protection of individual rights. The risk brought by excess is that the state uses security as an excuse to ignore cyber issues from the public discussion and, in the worst case, turns authoritarian. On the other hand, lack of sufficient information makes one prone to surprises.

The challenge of finding the right balance is centuries old. In the cyber world, it has just acquired a new form and scale. It is natural that intelligence and security players operate in the common space shared also by people and information. The changing world opens new opportunities to the aforementioned players and the society itself demands continuous presence in the cyber world. Most commonly, these demands are presented in the name of collective security as it would be denounced irresponsible if the intelligence and security actors did not screen the cyber world. PRISM is only likely to be the tip of the iceberg for many actions in the networks we are not even aware of.

Making a distinction between public and private is not an easy task. In addition, the difference on the public-private axis is dependent on historical grounds.  The war against Terrorism moved the line clearly towards stronger state secrecy and weakened privacy. At the same time, the world became aware of both vulnerabilities and opportunities inherent in the cyber world. Over the past few years, nation- states have allocated more and more resources to the development of cyber collection and both offensive and defensive cyber warfare capabilities. We only hear about the results of these development programs when they are utilized in public, as is the case with Stuxnet, or leaked to the media. Most often we do not hear of them at all.

Only the whistleblowers themselves know their motives for handing over information to Wikileaks or newspapers. Nevertheless, it is fair to interpret these actions as some kind of reaction against tightening cyber surveillance and the securitization of the cyber world. The fear of deteriorating privacy protection has strengthened the demands for transparency in state administration and in its agreements with 3rd parties.

It is important and desirable that the potential excesses of state intrusion on citizens’ private data are brought into daylight. However, a different question is what are the acceptable channels through which information finds its way into public discussion or how detailed it is. Nonetheless, the right balance between surveillance and privacy or freedom of speech can only be set in public discussion. Today’s definition of democracy already requires this. In addition, the rules of the cyber game are to be established and confirmed on the same arena.

The United States is not an exception amongst modern democratic societies. On the contrary, all these societies struggle with the similar kind of tension between privacy protection and societal security. Therefore, it is only desirable that active discussion on the topic takes place on many arenas everywhere.

Possibly Related Articles:
Privacy NSA Surveillance PRISM
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.