Security vs. privacy: The endless fiery debate continues

There was general agreement at this week’s Cambridge Cyber Summit at MIT that it is imperative to find a balance between the often-competing needs of national security and individual privacy. But there was no agreement on what that balance would look like

The intractable nature of the “privacy vs. security” debate, in a world where the internet is a tool for criminals, spies and terrorists as well as for billions of law-abiding citizens, was on full display during Wednesday’s Cambridge Cyber Summit at MIT.

Not surprisingly, it didn’t get resolved.

The event, hosted by The Aspen Institute, CNBC and MIT, featured top-level government officials, private-sector experts and activists, who all agreed that there needs to be a “conversation” about how to “balance” the two, and that to achieve it will require more effective cooperation between the public and private sectors.

But there was no agreement about where that balance lies. About the best they could do, after some conversation that got chaotic at times, was agree that they should continue the conversation.

Admiral Michael S. Rogers, commander of the US Cyber Command and director of the National Security Agency (NSA) – perhaps the highest-profile participant of the day – told the gathering during the opening session that, “the sweet spot to me is how do we create a partnership between the private sector and the government where the best of both are brought together for a unified purpose.”

[ ALSO ON CSO: You are responsible for your own Internet privacy ]

He told interviewer Walter Isaacson, president and CEO of Aspen, that security at the expense of privacy or vice versa is, “not a great place for us to be. So, how do we find this middle ground?

“This is a tough challenge for us,” he said, acknowledging the increased level of mistrust in government following revelations like those of former NSA contractor Edward Snowden, and reports just this week that the US government had essentially conscripted Yahoo to scan emails in real time for key words.

Yahoo issued a statement Wednesday calling the report by Reuters “misleading.”

Isaacson noted that some elements of the conflict didn’t exist before the online world. “It used to be that nothing – the trunk of your car, your safe deposit box, your diary – was out of the reach of law if a court said it could be searched,” he said, while encryption levels are now at a point where in some cases government is unable to crack it.

That was famously illustrated earlier this year when the FBI insisted that Apple help the agency break into the iPhone of the deceased San Bernardino mass murderer. Apple CEO Tim Cook said that would be like introducing a “cancer” that would compromise all users.

But Rogers said he found it both puzzling and frustrating that there doesn’t seem to be much public opposition to court approvals of warrants for law enforcement or intelligence to access the telephone communications of certain individuals, but there is much more strenuous objections to the same thing regarding emails.

“I'm still trying to work my way through personally, what is the difference?” he said. “But we've got to have this conversation. We cannot vilify each other.

“It isn't that one side is good and one side is bad. We're trying to make sure that these two incredibly foundational imperatives for us as a country are executed in a way that the one doesn't undermine the other.”

Still, Rogers never said specifically how he thought that should be done.

And just how difficult resolving it continues to be was illustrated about an hour later, in a panel titled, “Privacy vs. Security: Beyond the Zero-Sum Game,” where the debate got so intense at times, with participants talking over one another, that it started to sound a bit like the vice-presidential debate the previous evening between Republican Gov. Mike Pence and Democratic Sen. Tim Kaine.

The declaration by Glenn Gerstell, NSA general counsel, that, “encryption is here to stay, and we support it,” drew open skepticism from Cindy Cohn, executive director of the Electronic Frontier Foundation (EFF).

She contended that the real agenda of the NSA is, “strong encryption that only we (NSA) have access to. It’s disingenuous,” she said. “You actually want privacy with an asterisk. That isn’t what the rest of us mean.”

She added that EFF knows the NSA, “stops computers before they are shipped to put back doors in them. They discover vulnerabilities and then don’t tell the companies about them.”

And that drew an openly scornful response from Stewart Baker, former assistant secretary for policy at the Department of Homeland Security (DHS) and currently a partner at Steptoe and Johnson. He accused EFF of being unwilling even to negotiate the balance between privacy and security.

“You’ve (EFF) campaigned for 25 years against every security measure proposed,” he said, adding that there has not been any federal regulation of encryption for all that time either. “Companies can offer any kind of encryption, and they do,” he said.

He also said the debate over back doors is essentially irrelevant, since they already exist. “Every device in this audience has a back door, so they can send you crappy U2 albums,” he said.

[ MORE: The economics of back doors ]

Cohn insisted that government is still able to get anything it wants from online communications. And she said when Apple resisted the FBI’s demand to help it jailbreak the San Bernardino killer, “they got treated like they were a perp on the street.”

She and others said the interests at stake would better be called “security vs. security,” in that people deserve to have their physical safety protected, but also to be secure from government surveillance of their communications.

Gerstell acknowledged that there is, “obviously tension between those two missions. We’re looking to create more safety, but we also need to look at national security,” he said.

“This illustrates why we need a debate,” he said. "We shouldn’t demonize either side.”

In other words, keep the conversation going.

Join the CSO newsletter!

Error: Please check your email address.

More about AppleCNBCCSOEFFElectronic Frontier FoundationFBIMITNational Security AgencyNSAYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts