« GPG public key | Home | Fun with linking data files »

August 21, 2013

How much security is too much?

I've been discussing the recent controversy over mass surveillance with friends and colleagues.  I was struck by how many of them seem to be absolutely fine with it, because "it's to protect you" and "if you haven't done anything wrong, you have nothing to hide".  Perhaps needless to say, I completely object to this kind of mass surveillance for many different reasons.  At the time, I couldn't quite work out why I was so much more offended by the idea of mass surveillance than the people I was talking to, and we decided that it was "because I do so much more online than other people".

But having thought more about it, I can see that this isn't true.  If anything, my exposure to this kind of thing is less than many other people because I know how to take precautions.  Things like using SSL as much as possible, making careful decisions about where to store my data and knowing one end of a PGP key from the other.

The real reason is simpler.  Killing innocent people is such a heinous crime that almost any measure might be justified to prevent it.  It's very hard to look someone in the eye and say that you honestly believe that certain measures should not be taken if there's a chance - however miniscule - that it could prevent them or their child from being killed.  Try it - it's a really nasty thing to do!  But what measures are too much?  Different people have different opinions on what security measures are acceptable, and that's fine.  But many of the measures already taken are unacceptable to me personally, and I don't like that things are getting worse.

  • I draw the line at having all my personal and private communications rummaged through by people I don't know.
  • I draw the line at having absolutely no rights whatsoever if detained and questioned in the UK while in transit through an airport.
  • When I travel, I draw the line at being forced to have an X-ray beam shone directly into my eyes by a "security" scanning machine, especially when I'm not allowed to know anything about how the machine works [1], and having naked pictures taken of me and my (hypothetical) children at the airport [2].  Seriously, if this is acceptable under child pornography laws, then there's something wrong with those laws.

If we don't fight back, we'll get more and more of this kind of thing.  Where will you draw the line?

[1] I plan my itineraries to avoid Manchester airport, even though it's very often conveniently located for me, because it makes particularly extensive use of these scanners.  They recently switched from X-ray to millimetre wave machines, a big improvement, but they only did so because of an administrative issue.

[2] Yes, I realise that most scanners now use "automated threat detection", and I agree that it's a big improvement.  However, I have very little confidence that the machines don't have some kind of test mode which circumvents this, and that no mistakes will ever be made.  As for "the machine doesn't produce a naked picture" - well, it's an image taken using radiation which interacts strongly with your skin and very weakly with your clothes.  If I had to write a textbook definition of a naked picture, that would be precisely it.  And this looks like a naked picture to me.

Leave a comment