Head Of Computer Security Firm Says Anonymity Is The Enemy Of Privacy
from the you-lost-me dept
We've seen it argued that privacy is a bad thing. People like former DHS official Stewart Baker have argued that the privacy-protecting efforts of civil liberties activists are the reason we're forced to be fondled and de-shod at TSA checkpoints. Not only that, he's tried to blame the 9/11 attacks on "rise of civil libertarianism." Unbelievably, we've also had a politician recently claim that your privacy isn't violated if you don't notice the violation.
We've also seen attacks on anonymity by (anonymous) police officers and a whole slew of pundits and politicians who believe the only thing online anonymity does is provide a shield for trolls, bullies and pirates to hide behind. Efforts have been made to outlaw online anonymity, but fortunately, very few laws have been passed.
Now, try wrapping your mind around this argument being made by Art Coviello, executive chairman of RSA Security and the head of EMC's security division. According to him, anonymity and privacy are at odds with each other.
A dogmatic allegiance to anonymity is threatening privacy, according to Art Coviello, executive chairman of RSA.On one hand, anonymity is slowing down the pursuit of online criminals. On the other hand, companies are increasingly wary of subjecting their employees to intrusive security software.
Coviello cast anonymity as the "enemy of privacy" because it gives "free reign to our networks to adversaries" with "no risk of discovery or prosecution."
Customers are caught in a Catch-22. They're afraid to deploy technology for fear of violating workers' privacy" even though security intelligence tools are ultimately the best way to protect personal information, Coviello argued.How Coviello arrives at the conclusion that anonymity is damaging privacy isn't exactly clear. It may be the enemy to security (or at least, unhelpful to retributive actions), but the online anonymity shielding crooks doesn't threaten users' privacy, at least not directly. Indirectly it could, but it wouldn't be anonymity's "fault." If Coviello wants attackers to be stripped of anonymity, there's little doubt he'd like to see clients' employees stripped of their privacy. Both would make his companies' jobs easier. Attackers would be easily identified and clients would received (arguably) better protection (thanks to more, non-anonymized data gathering). Win-win for security. Not so much for those who cherish privacy and anonymity.
This isn't exactly new ground for Coviello. He did some complaining about privacy at last year's RSA conference as well.
RSA executive chairman Art Coviello has criticised privacy advocates for basing their arguments on “dangerous reasoning”, comments that have already earned him a tongue lashing from Big Brother Watch and the Open Rights Group.
Coviello, whilst noting the need for privacy, lambasted privacy groups’ “knee jerk” reactions to public and private sector attempts to improve people’s security, pointing to the “insanity” of the situation, in a keynote to open the RSA 2012 conference in London this morning.
In Coviello’s view, privacy advocates are over-reacting to measures designed to protect online identities, preferring to live in a world of danger: “Because privacy advocates don’t realise that safeguards can be implemented, they think we must expect reasonable danger to protect our freedoms,” Coviello said.Not for nothing has someone noted that RSA is only a letter away from the United States' most notorious intelligence agency.
“But this is based on dangerous reasoning, a knee jerk reaction, without understanding the severity and scope of the problem.
“Where is it written that cyber criminals can steal our identities but any industry action to protect us invites cries of Big Brother.”
Coviello's arguments here aren't that much different than the government's opinions on the "liberty vs. security" balance. And like other defenders of intrusive programs, Coviello refers to the statements of critics as an "over-reaction." But is it? He bristles at being compared to Big Brother but his thought processes roughly align with the government's foremost proponents of intrusive programs. According to both, people just don't understand how bad things actually are, and in our unenlightened state, we're making the wrong choice between security and liberty.
Additionally, the "knee jerk reaction" he sees in privacy activists is, in reality, no different than the knee jerk reactions he fails to see in security and intelligence entities. While privacy activists are focused on retaining what's remaining and make small pushes for more, security/intelligence agencies leverage every tragedy or attack to expand their scope and dial back privacy protections.
But where his argument against privacy (and anonymity) ultimately falls apart is in his belief that collecting and storing large amounts of private data is the best solution for all involved.
To “suggest the only way to protect against cyber crime is to sacrifice privacy and civil liberties is absurd,” Nick Pickles, director of privacy campaign group Big Brother Watch, told TechWeekEurope. “It is a simple fact that if data has not been collected, it cannot be stolen, lost or misused. The best safeguard for consumers and businesses is for data not to be collected unless it is absolutely essential, and then deleted as soon as it is no longer required.”As for his complaints about anonymity? It's pretty much all or nothing. You can't whip up statutes and laws that allow anonymity and their privacy protections unless you're a criminal. Either you take the good with the bad or you eliminate it for everybody. No one's going to agree with that last one, so security groups and companies will just have to deal with the fact that their adversaries will be cloaking their identities. Cops may wish robbers wouldn't wear masks when committing crime, but that's the way it goes. You can't ban the sale of masks simply because someone holds up a bank wearing one.
I'm sure he understands this, but he's in a field where security is valued over privacy. But that's the expected mindset for someone is his position. The problem is that those with his mindset expect others to come to the same conclusion -- and when they don't, they're portrayed as part of the problem.
To be fair, Coviello at least had this to say about the jargon being deployed by government security officials and advisors.
"I absolutely hate the term 'Cyber Pearl Harbor'," he said. "I just think it's a poor metaphor to describe the state we are really in. What do I do differently once I've heard it? And I've been hearing it for 10 years now. To trigger a physically destructive event solely from the internet might not be impossible, but it is still, as of today, highly unlikely."Coviello may not like this particular FUD, but claiming anonymity and privacy are standing in the way of security isn't that far removed from the panicky assertions of the "cyber Pearl Harbor" types.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: anonymity, art coviello, privacy, security
Companies: emc, rsa
Reader Comments
Subscribe: RSS
View by: Time | Thread
Of course!
They should be tarred and feathered for their arrogant disregard for the security of their CUSTOMERS! I wouldn't believe a word he said for the rest of his life.
To be clear, RSA is UNTRUSTWORTHY FOREVER.
[ link to this | view in chronology ]
Re: Of course!
In re the substance of his comments, let me quote Enrico Fermi: "That is not even good enough to be wrong."
[ link to this | view in chronology ]
He knows that his argument is illogical on its face.
[ link to this | view in chronology ]
So? The new Google privacy policy is: You have no privacy."
"According to Schmidt, true transparency and anonymity on the Internet will become a thing of the past because of the need to combat criminal and 'anti-social' behavior."
http://tech.slashdot.org/story/10/08/06/0224255/google-ceo-schmidt-predicts-end-of-online- anonymity
Excerpt from Schmidt's book: “Within search results, information tied to verified online profiles will be ranked higher than content without such verification, which will result in most users naturally clicking on the top (verified) results. The true cost of remaining anonymous, then, might be irrelevance.”
"But Schmidt doesn't stop there. He essentially predicts that privacy will cease to exist online. Governments, he says, will find it "too risky" to have thousands of citizens "anonymous, untraceable and unverified" online, suggesting they will want to require verification of all online accounts at some level of government."
http://searchenginewatch.com/article/2241704/Eric-Schmidt-Google-Will-Give-Higher-Rankin gs-to-Content-Tied-to-Verified-Profiles
Similar abound. So why don't you EVER mention creepy Schmidt's comments on same subject? When Schmidt is in position to make his predictions true?
Google defenders are much like NSA defenders: basically blind to privacy, just insist over objections to being spied on: "we're only helping and you should be grateful!".
04:46:28[f-117-1]
[ link to this | view in chronology ]
Re: So? The new Google privacy policy is: You have no privacy."
[ link to this | view in chronology ]
Please go to the windows of your home and open all of the curtains. Remove all of the locks from your door and leave them open wide. After this is done, post your address so we can all come by and watch you. You can now feel secure since you have given up all privacy and anonymity.
Me
[ link to this | view in chronology ]
Here's a relevant item just popped up, though a bit "partisan" slant:
http://www.politico.com/story/2013/10/privacy-is-a-conservative-cause-99137.html
Seems to me like everyone but Techdirt worries about The Google...
[ link to this | view in chronology ]
Re: Here's a relevant item just popped up, though a bit "partisan" slant:
No matter how much information Google has on you, they can't do anything worse with it than sell ads. It's government agencies, the men with guns, handcuffs, drones and jails, that we here on Techdirt and elsewhere are worried about.
[ link to this | view in chronology ]
Re: Re: Here's a relevant item just popped up, though a bit "partisan" slant:
That, in my mind, is the huge difference: I can do something to stop Google from spying on me, so i don't get enraged about it. I can't do anything about the government spying, so it pisses me off.
[ link to this | view in chronology ]
I don't entirely agree with him, but the point he's trying to make is pretty straight-forward actually: Anonymity decreases security. Without security, criminals (or the NSA) can break in and access your private information. That's bad for privacy.
[ link to this | view in chronology ]
A total fantasy.
No. Anonymity protects my privacy.
The problem with Coviello's line of thinking is that he thinks all "real names" are actually valid. There's really no reason to believe that. It's pure fantasy.
If I say that I am Frank Abagnale, you have no reason to trust that any more than a pseudonym I've used for 20 years.
[ link to this | view in chronology ]
Re: A total fantasy.
By way of analogy, it's sort of like saying, "I want to be able to access my grandma's e-mail to make sure she didn't reply to some identity theft scam." The goal isn't to find real names, but to detect unusual behavior. Creepy and paternalistic? Yes. But not about real names per se.
[ link to this | view in chronology ]
Re: Re: A total fantasy.
[ link to this | view in chronology ]
Re: Re: Re: A total fantasy.
[ link to this | view in chronology ]
Re: Re: Re: Re: A total fantasy.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: A total fantasy.
[ link to this | view in chronology ]
Re: A total fantasy.
Protecting pi online is extremely hard already if the people researching you are thorough enough. Chaining of online aliases and pi is making Facebook/Google+ into an identity theft scam today.
That problem would get infinitely worse if anonymity was removed from the rest of the internet! Also protection of whistleblowers/other blackballable persons would be near impossible, keeping trade secrets off scrupulous traders before the stock market is informed would be much harder (Making illegal spying on people from large companies infinitely easier online and giving a massively profitable advantage for stock-traders using it!) and it might either keep many people from regularly using sites like this if they are in any way part of the art industries, government or their companies have ties with those or make them massively more popular as a counter-reaction to removing anonymity!
No, anonymity is a second layer of protection of privacy. Removing it would only make new vectors of attack on privacy, that much easier to pursue. The tradeoff is not worthwhile for many people.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
My solution is to semantically invert the statements of the NSA supporters and I figure I ought to be close to being correct.
[ link to this | view in chronology ]
Stop allowing corporations to hide behind "shell companies".
Stop allowing corporations and individuals who donate to political races, to be anonymous.
After all the above issues are corrected, then we'll start talking about deanonymizing average citizens.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
cyber Pearl Harbor
[ link to this | view in chronology ]
OLd interenet
1. WHOSE privacy?
With the current internet, you HAVE NONE, when a site can ASK your browser WHO/WHERE you are..
when SITES require this info just to display a page?
TRACKINg and proving the information they GET is the real thing...THATS HARD..(mostly)
[ link to this | view in chronology ]
This is Big Brother thinking, and it is reinforced by this fallacy -- why would you care when someone is monitoring your behavior if you aren't doing anything wrong?
The old saw about preventing 9/11 -- I write this all the time -- Richard Clarke had the data on the terrorists in July of 2001, but couldn't get an appointment with Condoleeza and W to report the info. 9/11 happened because the people in charge weren't paying attention.
Of course Art believes anonymity to be an inconvenience to his job. He wants your name and your number in his log file. Whether or not he uses it, it is a comfort knowing it is there.
Call him a security worker, gatekeeper, or high-tech guard; he's simply a regulator and not a "privacy consumer" (yes, I hate it too.) Privacy slows his process and makes things harder for him. He wants it easy. I can agree with him on one thing -- I don't like the phrase Cyber Pearl Harbor, either.
We may always need cops, but we should never let them make the laws.
[ link to this | view in chronology ]
Re:
I'd go even simpler: the guy is a straight-up authoritarian.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Privacy is like this too. If we could fully trust businesses, government and others, perhaps we would not need anonymity that much. But we can't, hence anonymity provides the ONLY tool to provide some degree of privacy without having to depend on others.
[ link to this | view in chronology ]