What is the right balance between security and privacy?
This is a common starting point in many policy discussions, especially in government. It’s a trick question because it presents the conversation as a balancing act between two values as if they are antithetical. They are not.
In practical terms, privacy is security. It is the first thing a security professional learns as part of the Confidentiality-Integrity-Availability “CIA” acronym. Privacy is the individual’s confidentiality control.
Part of the reason we get into trouble when having these discussions is that most people confuse trust with identity. In our immediate surroundings, identity is the only basis of trust. I trust those I know. But in a larger and interconnected world, I cannot know everyone I need to trust, so I have to use references. I ask my neighbors if they know a good plumber and use their trust as a proxy to extend my trust. Do I care if the plumber is John or Suzy? If they bank with CorpBank or if they are licensed to drive? Not really.
In an even broader context I use other proxies for trust. I check an eBay seller’s “feedback” rating, I read product reviews by consumers on Amazon. I read with interest the opinions of blogger “Jerome” on the price of oil because of his track record. Yet truly, I have no idea if Jerome is a he, or if the alias Jerome is “his” real name.
If I need more trust in a transaction I look for “attestation” by a trusted organization. The DMV has attested that I can drive. Fair Isaac has attested that I pay my bills with a confidence level above 750 out of 800. As a society we hope that both the DMV and FICO have a reliable process that leads to predictable results.
But it’s important to differentiate between the narrow aspect of identity they validate (attestation) and the identity itself. If the DMV says I can drive, what difference does it make if my last name is unpronounceable and Greek-sounding? As long as the fact that I am licensed to drive can be securely associated with my person then my name, address and all that other info is irrelevant. Worse, it is a liability because every time I pull out an ID that is “comprehensive” I reveal far more than necessary for a specific transaction.
With advances in cryptography and in an increasingly online world, we don’t have to expose our full identities just to attest to a single fact. No one needs to know my birthday to buy my toaster on eBay. If we differentiate between identity, attestation and trust we can actually achieve both privacy and security. In fact, the more privacy we have, the more secure we can all be.
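The separation the essay draws between attestation and identity can be shown in code. The following is an added example, not part of the original essay, and is a deliberately minimal sketch of selective disclosure: an issuer (the DMV in the essay's terms) commits to every claim with a salted hash and signs the list of commitments; the holder later reveals only the one claim a transaction needs, and the verifier confirms that claim was covered by the issuer's signature without ever seeing the rest. Everything here is constructed: the claim values, the issuer key, and the use of an HMAC (with a key shared between issuer and verifier) as a stand-in for the public-key signature a real credential format would use, so that the block runs with only the standard library.

```python
import hashlib
import hmac
import json
import secrets

# Constructed issuer secret. It stands in for the DMV's signing key; a real
# deployment would use a public-key signature so any verifier can check it.
ISSUER_KEY = b"constructed-dmv-issuer-key"


def _digest(salt: bytes, name: str, value) -> str:
    # Commitment to a single claim. The random salt stops a verifier from
    # recovering a low-entropy value (a birthdate, a yes/no flag) by guessing.
    blob = json.dumps([salt.hex(), name, value], separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def _sign(digests, issuer_key: bytes) -> str:
    return hmac.new(issuer_key, "\n".join(digests).encode(), hashlib.sha256).hexdigest()


def issue(claims: dict, issuer_key: bytes = ISSUER_KEY):
    """Issuer side: returns (credential, disclosures).

    The credential carries only commitments plus the issuer's signature over
    them; the disclosures (salt and value per claim) stay with the holder.
    """
    disclosures = {}
    digests = []
    for name, value in claims.items():
        salt = secrets.token_bytes(16)
        disclosures[name] = (salt.hex(), value)
        digests.append(_digest(salt, name, value))
    digests.sort()  # sorted so position leaks nothing about which claim is which
    credential = {"digests": digests, "sig": _sign(digests, issuer_key)}
    return credential, disclosures


def present(credential: dict, disclosures: dict, reveal) -> dict:
    """Holder side: attach only the disclosures this transaction needs."""
    return {
        "credential": credential,
        "disclosed": {name: disclosures[name] for name in reveal},
    }


def verify(presentation: dict, issuer_key: bytes = ISSUER_KEY):
    """Verifier side: returns the revealed claims, or None if anything fails.

    The verifier learns the disclosed claims and nothing about the others.
    """
    cred = presentation["credential"]
    if not hmac.compare_digest(_sign(cred["digests"], issuer_key), cred["sig"]):
        return None  # not issued (or altered) by the trusted issuer
    revealed = {}
    for name, (salt_hex, value) in presentation["disclosed"].items():
        if _digest(bytes.fromhex(salt_hex), name, value) not in cred["digests"]:
            return None  # holder tried to reveal a claim the issuer never attested
        revealed[name] = value
    return revealed


if __name__ == "__main__":
    # Constructed sample claims for one holder.
    credential, disclosures = issue({
        "name": "Constructed Holder",
        "address": "1 Example Street",
        "birthdate": "1980-01-01",
        "licensed_to_drive": True,
    })
    # A car-rental check needs one fact; name, address and birthdate stay private.
    presentation = present(credential, disclosures, ["licensed_to_drive"])
    print(verify(presentation))  # {'licensed_to_drive': True}
```

The verifier only ever receives the salted digests and the single disclosure it asked for, which is the point the essay makes: the fact "licensed to drive" is securely bound to the issuer's attestation while the rest of the record never leaves the holder's hands.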