Security is bought with liberty
Security and Liberty are opposite ends of the same see-saw. If one end goes up, the other must necessarily go down. The problem is finding the right balance between the two. Unfortunately, those with responsibility over our security will always tip the balance in their own favour, thus reducing our liberty. This is dangerous when it is government, for it is an inevitable road to a police state – and both Europe and the US are already a long way down that road.
But it shows itself at every level. The security industry itself faces this dilemma every day: do they do everything they can to protect their customers, or do they temper their actions and beliefs with civil liberty issues?
Here’s a case in point. Apple’s response to the Flashback trojan is, says Wolfgang Kandek, CTO of Qualys, ‘innovative’. “Apple released today a new, quite innovative version of Java for Mac OS X 10.7 and 10.6. Innovative, because the new version does not fix any vulnerabilities, but instead addresses two of the current Java on Mac landscape problems,” he writes. Firstly, it erases known variants of Flashback; and secondly “it automatically disables Java when it has not been used for the last 35 days.”
Wolfgang is pleased with the latter. “It makes total sense to me: we have been telling users to disable or uninstall Java if they do not need it, but we know very well that only very security conscious users will do so.” That’s a security man speaking. But my view is the opposite: Apple has no right to arbitrarily mess with my computer.
By taking away my responsibility for myself, by taking control of my security for me, Apple is simultaneously making me less likely to be personally responsible in the future, while also making me more likely to accept the security dictates of government. Already one of government’s standard arguments whenever it proposes some new form of surveillance is “if you haven’t done anything wrong, you don’t have anything to worry about.” And we actually think they have a point because our concept of our own freedom is constantly eroded.
But the reality is this: because I have done nothing wrong, you have no bloody right to spy on me. So whenever a security man, government or industry, says to you, we’ll look after your security, ask yourself at what cost?