Security and privacy often seen as two different sides of a coin. It is perceived as two separate issues where one could not make both choices at the same time, like either or thinking. In this scenario, when one chooses security, one must let go privacy and the other way around. This is due to many narratives shown lately that made people divided between two different extremes. In this post, I would like to explore that this is not the case.
There are abundant examples support this either or thinking. Arguments from security experts often put privacy as ‘a mere abstraction, a luxury with little concrete value’ that one must let go when national security arises, like two examples I cited below,
February 2016, Apple received a court order to unlock cell phones whose data were encrypted. This is a follow up action after a massive shooting at the San Benardino, USA. There were three shooters and the two shooters have damaged their personal cell phone. Only one left and he was using iPhone 5C. Apple denied the order with privacy as its shield, even published a comment a day before deadline. The negotiation was not in favour for government and later on, they were using a software to crack the phone.
July 2017, government of Indonesia blocked Telegram web messaging after intelligent information regarding the use of telegram for terrorism purposes. The government requested Telegram to immediately act upon that or else they would blocked the entire Telegram app. After a series of negotiation including a visit made by Telegram’s CEO to Indonesia, this issue was settled. Telegram web messaging re-opened and Telegram promised to do further action on this.
I would like to show you though it is complex, but both security and privacy can work as best friend forever, meaning, supporting each other. Both are choices that one can make together and both are equally important for sustainability of the Internet.
Privacy is a human rights principle. Privacy received its acknowledgement since the Universal Declaration of Human Rights and International Covenants. ‘Privacy underpins human dignity and other key values such as freedom of association and freedom of speech.’ This means privacy does give sense of safety for users to interact on the Internet. Users feel safe when the platform protects your privacy because users can have a significant degree of freedom in communications and expressions with other. This level of safety is important because without it, users will limit themselves in using Internet and no longer comfortable.
Security more often has tangible impact rather than privacy. Security impact seems so immediate that if we do not make decision right now, we could regret after seeing the consequences. This is true in some cases. Therefore, implementing security could look very legitimate even when the decision has to compromise privacy. But please consider a longer impact. Having privacy being compromised over and over can cause a very low level of privacy. Internet with little privacy means we provide a highly fertile field for a perpetrator to conduct cybercrimes.
On the other hand, we could not ignore the possible impact when, for example national security is on the brink. We can put security as first priority while at the same time develop transparent and accountable system on how we want to implement it. Transparent and accountable principles are non-negotiable for the system to work because those principles can guarantee some level of trust from users. Decision makers tend to be more accountable if they know they are being watched and at the same time, users are more comfortable because they exactly know where the process is.Trust can be earned with transparent and accountable system.
Another point we can try is developing security-privacy literacy to the users. Many literatures have shown that the weakest link to security lies in users. Many breaches coming from the negligence of users over their own personal data. Users sometimes give unnecessary personal information, or without their consent, to certain apps that can jeopardize their own well beings (e.g. Cambridge Analytica with Facebook case). Understanding that their personal action may have consequences over their own security and privacy can help to make these two works in many ways.
There is a hope that we can reframe the privacy and security debate as issues that can work together, even one existence can strengthen the other. I do believe that privacy and security have many ways to start becoming best friend forever. ###