The Myth of Privacy vs. Security

A mere five weeks into the new year, the 2015 state actor has repeatedly demonstrated its willingness to sacrifice privacy in the name of security.

On January 12, British Prime Minister David Cameron insisted that government surveillance of online communications is necessary to keep its citizenry safe in an era of increased terrorist threats: “But the question remains are we going to allow a means of communication where it simply isn’t possible to [access a message’s content]? And my answer to that question is no we must not. The first duty of any government is to keep our country and our people safe. The attacks in Paris once again demonstrated the scale of the terrorist threat that we face and the need to have robust powers through our intelligence and security agencies and policing in order to keep our people safe.”

The following day, in a speech to the National Assembly, French Prime Minister M. Manuel Valls similarly declared, “The fight against terrorism requires vigilance at all times. We must be able to continuously monitor all convicted terrorists, know where they live and monitor their presence or absence.” A week later, Valls announced the creation of 2,500 counterterrorist jobs as well as a forthcoming bill to reevaluate the legal structures surrounding French surveillance and intelligence operations.

In both cases, responses have come from a variety of sectors, but the message has been singular: there is no greater threat to security than that of compromised privacy. Cybersecurity expert Graham Cluley knows that there is simply no way to give government access to communication without also leaving it vulnerable to hackers; he countered Cameron’s proposal by acknowledging that “regular consumers and businesses will be put at risk if secure messaging systems are backdoored.” From a national security perspective, former French Prime Minister Francois Fillon warned, "This must not lead to the renouncing of fundamental freedoms, otherwise we prove right those who come to fight on our soil.”

If their critics’ warnings are not enough to stop Cameron and Valls from following through on current proposals, perhaps the international community’s response to China’s new cybersecurity policies should be. In late 2014, under the stated aim of strengthening cybersecurity, the Chinese government developed regulations that called for foreign companies selling technology to Chinese banks to share source code and build accessible ‘backdoors’ into the technology.   

On January 28, rather than comply or abandon the Chinese market, 18 United States business lobbies submitted a formal letter urging China to postpone implementation of the regulations in order to allow for dialogue with all involved stakeholders. As the letter recognized, “Our concern is not with the goal of enhancing security, but the means to reach it.  An overly broad, opaque, discriminatory approach to cybersecurity policy that restricts global internet and ICT products and services would ultimately isolate Chinese ICT firms from the global marketplace and weaken cybersecurity, thereby harming China’s economic growth and development and restricting customer choice.” Much like Cameron and Valls, Chinese President Xi Jinping wrongly equated compromised privacy (and isolation) with increased security. 

The nature of cybersecurity requires that countries see themselves as members of a composite rather than as individual actors. As such, no one government can be entrusted with secure information. China tried to position itself as an omnipotent, unilateral actor and now finds the world saying no. Let David Cameron and Manuel Valls take note that in the current climate of cybersecurity, one country cannot guarantee its security by infringing upon the privacy of its citizenry and one man cannot succeed if the rest of the world has stopped listening.