Few information security experts will argue that personal privacy rights have slowly eroded over the last few hundred years in the United States. In the past two decades, following the terrorist attacks of 9/11/01 in the United States, they eroded exponentially. That attack plucked a note of fear the likes which many Americans had never experienced, but which are almost the norm in other countries. But it happened to us, the US, and as a beacon of freedom, democracy, opportunity, and liberty the world watched in horror, mourned, raged, and vowed support. We held a position of great responsibility, and our approach to such an egregious sucker punch was swift, and we toppled nations, fought wars, and passed laws. Laws driven by emotions rather than logic and reason. The legislative response was to militarize data gathering, and to hack everything, monitor everywhere, and justified by statements like the one in the title of this blog entry, "If you have nothing to hide, then you have nothing to fear." This argument is fallacy. Privacy is not evil, it is a piece of our humanity. It was included in our Bill of Rights for this reason and I would pit any of the writers of the United States Constitution and the Bill of Rights against our current legislatures in a debate over privacy, and I assure you they would crush modern politicians in the debate. The Bill of Rights Amendment 4 (Article IV) is clear about what can and cannot be done when it comes to my Government searching and seizing us or our stuff. The article is timeless, it's a basic human right to have privacy in our persons, during procreation for example, or when changing clothes. It's fair that my home where I feel comfortable and safe, or should feel this way, be private. I do not want or need everyone knowing what merchandise I have, or where I keep valuables. It makes sense that my spoken words, letters, emails, pictures, digital or physical, are secure. They are personal, private, and if I want them out in the public, I post them myself. This article states these are secure against unreasonable searches and seizures, and shall not be violated, and no Warrants shall issue, BUT upon probable cause with supported testimony and describing what will be searched and where. Article [IV] (Amendment 4 - Search and Seizure) The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. Did 9/11/01 change everything? Yes. We cannot ignore growing terrorist threats in other nations who threaten our security. We must rethink our approach allowing military applications of unwarranted spying and collection of information against civilians and ensure they are targeted. We must rethink our laws and actions and not let fear dictate our laws and actions. We let the only real tool terrorists have, beat us, fear. Fear eroded our sense of freedom and safety. We responded by violating our sacred principles, our rights. Terrorists know they cannot win against our economy, our military, our police. They know they can only strip away all of our freedom, liberty, and privacy incrementally by inciting fear. Our elected officials should not be afraid to fix this, and we can fix this. It took a lot of bright people, debating civilly, a long time to come up with a Bill of Rights. They didn't rush it, they were meticulous. There's no valid reason to throw it away because we're afraid; especially given that I don't recall hearing about any massive terrorist attacks being stopped in the 17 years since 9/11 here in the US. Even though there remains egregious violations of civilian privacy; and I assure you that any thwarted attack would be touted publicly if it were the case. Do I feel our military intelligence, police forces, and country's offensive and defensive agencies should be the best at violating privacy? When WARRANTED, hell yes! NSA/CIA/FBI I want you to do what you do best, and I will help you do it wherever I can when warranted. Spy the hell out of other nations, go ahead, get your spy on. We know you're the best, and I'm proud about it. It is a standard national practice, and always has been. Spying on our enemies balances the scales, because everyone does it. Hell spying on our allies even makes sense, in some circumstances, when warranted. FBI, you better be good at spying on criminals and suspected terrorists, that's your job and you've done pretty well at it. Please don't drown yourselves in unnecessary data and additional investigations when you don't have the people to investigate it all. Right now companies and corporations are gathering so much data that they can't analyze it, but they're keeping it. How the hell are we supposed to find the real threats against us through all that data? A great example, borrowed from Bruce Schneier's book Data and Goliath highlights the failures as a result of all this data gathering; specifically the Boston Marathon bombing, which by the way is AFTER we have a plethora of privacy violating activities happening. But spying on me and my wife getting frisky in the bedroom, or my children watching you tube on an iPad? I'm afraid I don't see the value. The Boston Marathon bombing was possible, because there is TOO much information out there being gathered, and real threats are lost in the ocean of data. The answer isn't more data gathering, it's more targeted data gathering, like we used to do, which Bruce Schneier nailed in his book again, I mean, really he is an expert. We need to trust experts when we don't know things, unless they violate that trust. George Orwell called, he wants to sue the US for infringing on his copyright for his plot in his book 1984...... I'm weary after hearing about more and more of my personal and private data getting leaked by whistle blowers and idiot employees, or stolen by Governments and hackers in cyber security breaches. OPM breach? Yup that was my data, I was a Federal worker and served in the Armed Forces. EquiFax? Yup that's my data, dammit. All these military-grade cyber attack payloads and personal data get leaked and utilized against us civilians and result in attacks such as the Wannacry ransomware attacks, Tax fraud, and bank accounts being drained.
Whenever we intentionally weaken our security in products and in technologies by embedding back-doors and weak security it destroys the world's faith in our ability to sell secure, safe computing equipment. The standards our Internet and digital security are based on are suspect. Not because of a whistle blower, but because it was done in the first place. There is no secret that can be kept, but for the one not spoken. Eventually, the secret gets out, or is independently discovered, and exploited. The worst part is we don't know who is exploiting it then; we are just wishin' and prayin' it's not found out by our enemies or criminals. Back doors, and weak cryptograhy will only harm our business further. Secretly coercing companies to share data without divulging the facts will only further diminish faith, and profits, in those companies. The really smart bad guys aren't going to use those businesses or services anyway, so adding them to your repertoire of leads is going to only aid in drowning yourselves in data, or as I experienced and shared with my team in my security operations while trying to analyze an overwhelming amount of network traffic logs, we were drinking from the fire hose of information. We can do better. Let's regroup. It's not working. Privacy IS important. If it weren't then the very people (the Mark Zuckerberg's and Eric Schmidt's) who claim it's gone wouldn't be buying isolated homes and trying increase the buffer zone between their home and the world. It's only gone if we let it be gone. I don't want to live in a world where I or my children can't use the restroom without fear of being recorded. The next time someone says, "If you have nothing to hide, then you have nothing to worry about" just nod and smile, and maybe give them a copy of Data and Goliath. Please. Stay safe, I'll do my part to help where I can, and God Bless America, and all of us. For what it is worth, the opinions expressed here are mine. I'm an American, I do what I can to help our country remain strong, militarily and on the civilian side too. I believe in loyalty to country, practicing kindness, tolerance, apologizing when wrong, and love. I am fallible, and make mistakes, like ALL of us. In some ways I am broken. Yet, I remain a loving father, husband, brother, son, and I'm most certainly still proud to be an American, and a human being.
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorI am a Doctoral Scholar at Colorado Technical University and a graduate of the Cyber Security Operations and Leadership program from the University of San Diego. I work in cybersecurity, and have accumulated twenty years in the IT industry. There are few IT roles I have not performed, which gives me great insights into making sense of all the IT confusion. Archives
February 2022
Categories
All
|