Privacy vs. Security

Something true: I knowingly choose to take the risk of talking about my mental health publicly regardless of what current or future employers may think of that.

Not everyone has the same threat model as me, an established cis, white, straight man. Not everyone has that same fortune and might decide privacy IS security.

Privacy, in this sense, directly correlates to livelihood, safety, and security - because many employers have incorrect assumptions about people who experience mental health issues.

However, looking at this situation from a different lens, keeping my mental health private could cause an employer to make assumptions about my performance, attitude, or attendance.

One could argue that sharing this information might lead an employer to access resources for me, improve policies, update workplace culture, give me the professional support I need to accomplish tasks, and generally approach me in an understanding and compassionate way, which would lead me to have a healthier relationship with work overall.

Tricky right? Which side of the fence are you on here? I don’t know if there’s a right or wrong, but I know it’s worth exploring.

So let’s get vulnerable.

The Interplay of Security and Privacy

Security vs. Privacy

Let’s unravel the intricate dance between security and privacy. It’s a delicate tightrope act, where safeguards against cyber threats often trample upon our privacy rights. And our right to privacy might be the thing that hurts us.

We’ve witnessed the relentless struggle to uphold security and privacy throughout history. From the dawn of surveillance in societies to the emergence of digital ecosystems, our personal information has become a coveted commodity. With each advancement in security measures, a piece of our privacy can slip away, lost in the name of collective safety.

In 2014, my friend Robert Hansen gave a talk on this subject. A lot has changed since then, but the crux of the thought experiment remains the same: how do we decide what is more important, privacy or security, when each relies on the other’s degradation?

Or can we truly have both?

Does it require we consider each situation independently and decide on a case-by-case basis? In his talk, Robert poses straightforward questions highlighting how enmeshed these two principles are.

  1. Why do you close the bathroom door?
  2. Why do you close the curtains when you’re changing?
  3. Why would you keep medical details from your boss?

You might close the bathroom door so others won’t see you undressing or going potty (I’m a dad to a toddler, so yeah, I said potty). You might also do this because you have heard of assaults happening in public restrooms or know that public urination is an actual crime and getting arrested isn’t on your bucket list.

Closing the curtains might be about privacy while you’re getting dressed, but you also don’t like having other people see what’s in your room, ripe for the taking. Same reason I’ve kept my valuables under a seat or in the glove box, or most likely with me and not in the car at all. I don’t need to advertise to criminals that I have things they might want.

Another example Robert gives is Strict Transport Security, aka HSTS. For those who don’t know what that means, it is essentially the “s” in the “HTTPS” that prefixes web addresses. When websites have this in front of them, it means the encryption certificate of that site is intact. However, HSTS, which enforces an HTTPS connection, can also lead to serious privacy concerns. From Wikipedia: “HSTS can be used to near-indelibly tag visiting browsers with recoverable identifying data (supercookies) which can persist in and out of browser “incognito” privacy modes.” Not a great trade-off, as it turns out.

As we continue to deepen our dependence on technology, privacy is quite an elusive concept.

But I’ve Got Nothing to Hide

This is an argument I hear a whole lot when talking to people outside of my industry. “Go ahead, FBI agent, look at my pictures of my dog and my boring work emails.”

Besides this missing the point of personal privacy, you and everyone in your family have some things best kept private.

Many things are common in society that are currently illegal or were at one point.

  • Alan Turing, the father of modern computing, was chemically castrated by his government for being homosexual, something he tried hard to keep private.
  • Drugs used today by many worldwide are varying degrees of criminal, no matter your medicinal reason for using them.
  • Piss off the wrong online troll on the wrong day for merely existing, and you can become a victim of cyberstalking, where privacy is your first line of defense.
  • Do you ever play a round of poker with your friends? Well, that’s an illegal gambling ring if I was a bored enough cop with a reason to want you tied up with some trouble.

You get the point.

Edward Snowden

The Psychological Impact of Constant Monitoring

To pull on a cliche for a moment, imagine living in a world where Big Brother watches your every move, the eyes of surveillance omnipresent. The psychological consequences of constant monitoring are genuine.

Research illuminates the sad truth: the pervasive presence of surveillance fosters a breeding ground for mistrust and anxiety. It’s the perfect recipe for an emotional cocktail of fear, self-censorship, and an unsettling sense of being constantly scrutinized.

Who needs personal autonomy when we have the constant companionship of paranoia?

There is an oppressive feeling of being trapped in the realization that one’s every action is being monitored.

My devices urgently insist that I need something I don’t have. Or that I should desire something I’ve never wanted before. The power of ads and algorithms is astonishing. They’ve got quite the grip on my personality and, of course, my pocket.

That doesn’t feel good. Knowing that my information is being used to get me to buy things hardly feels redeemable.

Then there’s something else that’s true. I love everything I’ve ever bought on a social media ad. Let’s just all sit and stew on that a little.

The ads are effective. Of course, they are!

They know me so well.

Upton Sinclair

The Trade-Offs Between Personal Privacy and Collective Security

There’s a tug-of-war between personal privacy and the notion of collective security. It is convenient to trade one’s liberties for the elusive promise of safety. But let’s not be hasty—there are trade-offs to consider.

In this compromise, we find ourselves at the crossroads of personal autonomy and the greater good. Sacrificing a morsel of privacy may seem noble when framed as a necessary evil for public safety.

But how much of our privacy are we willing to surrender, and to what end? Are we bartering away our fundamental rights, or is there a method to this madness?

Today my Tesla prompted me to choose privacy settings. One of which was about collecting all possible data from my drives. The justification was that it would help them create a SAFER driving experience. Here they are selling me on giving them my information, promising to keep me safer in the long run.

I’m not currently at risk, though. Certainly not more than I was before this prompt to share everything I’ve got. So did I agree? Do I get the illusion or possibly the genuine promise of safety?

Ethical considerations demand our attention and introspection. Are the intrusions into our private lives justified, or are we heading toward unchecked surveillance? We must approach these trade-offs with open eyes, questioning the motives behind each concession and demanding transparency from those who hold the reins. Otherwise, it’s just a purse left on the front seat of your car, ripe for the taking.

Finding the Right Balance

One solution lies in privacy-enhancing technologies, empowering individuals to reclaim control over their data. We can safeguard our privacy without compromising security by wielding encryption, anonymization, and other protective measures.

Legislation and regulations also play a pivotal role in carving the path to balance. We must demand robust legal frameworks that defend our privacy rights and enforce strict limits on data collection and surveillance practices. There has been legislation proposal after proposal drafted from those who barely understand how to connect to their home WiFi, fueled by fear, trying to make encryption illegal in messaging apps.

If you watch these hearings, an older generation is asking for backdoors “just for the good guys” so they can watch all of our private messages in search of the bad guys. This misses the entire point. Notwithstanding, that is not how math works.

Some of the latest news stories on this: Reuters - UK’s proposal to end encryption or Wired - Leaked EU docs show Spain looking to outlaw encryption

Finding the right balance requires open dialogue, public awareness, and collective efforts. Let us remember that this effort is not solely about preserving our freedoms—it is about shaping a world that values privacy and security, where individual liberties coexist with collective well-being.

Join the Newsletter

Every Friday, I'll send you the latest edition of Vulnerable U - My free newsletter with a mini blog topic, collection of the news I'm reading this week, and more!

Subscribe to get my best content. No spam, ever. Unsubscribe any time.

Privacy vs. Security
Older post

The Myth of Arrival

Balancing Personal Privacy and Professional Life: A Tech Perspective on why security and privacy don't always see eye to eye

Newer post

Finding Your Moat

Balancing Personal Privacy and Professional Life: A Tech Perspective on why security and privacy don't always see eye to eye

Privacy vs. Security