Is protecting our civil liberties the same as protecting our privacy?
At one point during his keynote address at the RSA security conference in San Francisco on Feb. 26, FBI Director James Comey seems to equate the two. He said safeguarding critical IT doesn't mean Americans need to sacrifice their privacy and civil liberties. But when Comey offered an example on the balance between IT security and privacy and civil liberties, he mainly referred to civil liberties.
"I want to touch on issues of privacy for a moment," Comey said about 18 minutes in his nearly 25-minute address.
"Some have suggested there is an inherent conflict between protecting national security and preserving privacy and civil liberties. I disagree. In fact, I think the ideas of balance and trade-offs are the wrong framework because they make it seem like a zero-sum game. At our best, we are looking for security measures that enhance liberty. When a city posts police officers at a dangerous park so kids and old folks can use the park, security has promoted liberty."
Comey said the men and women of the FBI are sworn to protect national security and civil liberties; he didn't mention privacy.
A Very Dangerous Place
"The fact of the matter is that the United States faces real threats from criminals, terrorists, spies and malicious cyber-actors," the director said. "That is reality. The playground is a very dangerous place right now. To stop those threats, the government needs timely and accurate intelligence to identify threat actors and to figure out what they are planning. That means we need to conduct electronic surveillance and collect data about electronic communications. That is also reality. The real question is this: How do we do that in a way that allows us to prevent bad things from happening to our own people and our allies, and, at the same time, protect privacy and civil liberties and promote innovation?"
In the playground example, Comey addresses civil liberties, but not privacy. Privacy, of course, is a facet of civil liberties, but our privacy can be violated without compromising aspects of our civil liberties. The government could spy on our e-mails without preventing us to speak out against the government. Our privacy could be violated, but our rights to speak freely without being punished could go unabated.
Comey's remarks could be interpreted to mean that under certain circumstances the government will take steps to protect the nation against nation states, criminal or terrorist who could do us harm that could compromise our privacy, and perhaps, civil liberties as well.
Reading Between the Lines
There was another remark in Comey's speech that could be construed to condone government activities that could trouble many cybersecurity practitioners:
"I've never been someone who is a scaremonger, crying wolf - but I'm in a serious business, so I want to ensure that when we discuss altering tools we use to collect information on an individual we believe to be connected to criminal, terrorist or other unlawful activity, that we understand the benefits and trade-offs on the other side."
Could Comey mean that a situation such as the alleged corruption of a cryptographic algorithm by the National Security Agency published by the National Institute of Standards and Technology be tolerated to safeguard critical IT against terrorists or an enemy nation? To be clear, he didn't address specifically the allegation against the NSA (see Report: NSA Circumvented Encryption).
But he added that intelligent people can and do disagree on such approaches. "That's the beauty of American life," he said, "but we need to make sure that everyone understands the risks associated with the work we do and the choices we make as a country."
It's not that privacy and civil liberties be damned, but the reality is that in this dangerous world, privacy and civil liberties still can be sacrificed for the sake of security.
Is that a world you're comfortable with? Share your thoughts below.
Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.