Dr Louise Bennett explains the difference between security, secrecy, privacy and anonymity online.
At a roundtable hosted by Silent Circle, Dr Louise Bennett, chair of the Security Community of Expertise, talked about the issues in differentiating security, secrecy, privacy and anonymity online.
"The real balancing act between security and privacy is between notifications and the right to privacy," says Dr Bennett. "This is what people get upset about in companies like Google with the commercialisation of the internet and government surveillance. It's because these things have been linked together without the permission of the individual or they cross things that I don't give my consent to share with anybody else.
"We all know that there are a lot of different commercial models on the internet. Some services are free or below cost because of the value of data that you as a customer give up when you use the site. And the quid-pro-quo is usually targeted advertising. Young kids I talk to say, 'Facebook is free, and that's wonderful.' But Facebook is not free, get real! You're putting all this personal data out there and often they don't know the privacy settings so this can be seen by anybody and this is then used to target you.
"The key thing is how do you keep control of your data and personal information? Well statistics will tell you, you can't on the internet. Once it's out there, it's out there. If someone is determined to find your data, you've got a problem.
She stresses: "We have to understand that identity on the internet can be used as currency and can be gathered through Big Data aggregation and Big Data analytics and you have to decide to what extent you are prepared to use your identity attributes as payments for services you want. But you have to be aware of it and make your own choice."
She also highlights the second balancing act, which puts security and secrecy on one side and privacy and anonymity on the other. "I think there are really significant differences between privacy and anonymity. I would say that on the internet, anonymity is the ability to perform actions without them being traced to a person; they can trace them to the thing, but not the person."
Dr Bennett draws out the pros and cons of anonymity by stating that it can ensure individuals have the right to free speech without fearing the repercussions. But also, people can't be easily identified and held to account if they are anonymous.
Alternatively, she describes secrecy as what is known but not to everybody. Secrecy is what the intelligence services strive for. On the other hand, privacy is the ability to provide information to those who only we want provides the information to under our own free will.
"Privacy protects people and doesn't per say damage national security or law enforcement. But some would say it does. It does make those things harder to achieve. But I would say anonymity does cause damage," she says.
"Some of the only people who have really chosen to be anonymous are the people in Anonymous and LulzSec. They know the persona and the avatar, but they didn't know the biological person before they got together. Anonymity isn't necessarily for privacy but it is often misinterpreted as being synonymous with privacy. Activists in the Arab Spring say they wanted anonymity, but they didn't because if they had anonymity they wouldn't have been known to their friends and could have been compromised by the state. What they wanted was privacy from the state. That is not the same thing.
"I think privacy overlaps security; they go hand-in-hand and what advocates for privacy really want is security for the individual from the intrusion into their personal life or targeted action. You have two groups of people: advocates of strong unique electronic identities for national security purposes will often come from countries like China and countries with oppressive regimes," explains Dr Bennett.
On the side of those who are anti-anonymity, there are arguments that with the shield of anonymity, individuals can stalk, masquerade as others, they can be liable and will get into organisations to steal and defraud. Anonymous terrorists can plan, radicalise and perform cyber attacks and activists can compromise businesses and publish confidential information. Anonymity essentially removes accountability and makes the job of law enforcement much harder in the virtual world than it is in the physical world.
For those who are pro-anonymity and oppose electronic identities argue that there are those who use anonymity with good intent: whistleblowers who unveil wrongdoings of powerful individuals or organisations. Individuals can partition their lives or limit damage caused by people stealing their identities. They'll say that individuals with anonymity can avoid discrimination, escape abusive relationships and regimes and start a new life. Activists with a vested interest can give a voice to the silent majority. Anonymity protects the weak individual from abuse by the powerful.
"Most people are probably on both sides of the argument: it isn't as simple as that," says Dr Bennett.
"There is an enormous amount of work being done across the world, security, privacy and anonymity: how they work against each other and how they overlap. There is never going to global agreement over the rationality of these different things, what we have to work towards is global understanding of people's perspectives and an understanding of the context."
She concludes: "There are those who are against anonymity because it prevents accountability of those with malicious intent and there are those who are for anonymity because there are those with good intent who are abused by others. There isn't a single answer, you have to choose but you have to be aware of others opinions."
get a cbr Cyber Security weekly update
Unable to register now