Privacy is Security

True security requires privacy, and that’s a good thing.

Without privacy, there is no such thing as security.  You can call systems and laws that do not account for privacy secure, but they are not.

One of the most vital aspects of securing any system is protecting it from internal attacks; that is, attacks due to the corruption of its actors.  Most systems ignore these threats, and they are all the more vulnerable for it.  If a system can be taken down by a lone actor that has privileged access, it is not secure.  Likewise, if your data can be leaked to Wikileaks by a lone actor, it’s not secure.

Simultaneously, the act of properly securing against such things removes the ability for a system to behave in an anti-human fashion.  This is because the abuse of authority that allows for harming people (eg, a private prison system that needs more prisoners and has the ability to get them through legislation) becomes impossible.  The same protections on privacy that thwart leaking also preclude deal-making that creates malformed laws or rules.

The level of conspiracy required to actually attack a secure system always requires that those that would be harmed give voluntary, informed consent.  They will almost never do so.

The systems that exist today are not secure, and most of the time that is by design: the parties that have ultimate responsibility for overseeing security are too enamored with their abilities to manipulate the systems for their own naive interests (which are actually against their true interests) to order proper security measures.

We will begin to see truly secure systems emerge in the next waves of web applications; distributed applications require a separation of concerns to function properly, and, when coupled with next-generation authentication, they move toward privacy (is security).


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.