1

Compromising Privacy for Security in the Technological Era

Samuel Abishek

Department of English, American University of Sharjah

ENG 204: Advanced Academic Writing

Dr. Özgür Parlak

July 4, 2020
 2

Abstract

Due to advancements made in technology, measures taken to enhance security have

resulted in a loss of privacy. This paper examines how security can lead to a loss of privacy

in the modern technological era. To address this issue, scholarly articles and books were

found on academic databases and articles from the Privacy and Security journal were used to

analyze security measures and its impact on privacy. The results showed that security has

been used as an excuse to violate people’s privacy by methods of mass surveillance. A false

trade-off model and a false belief that people do not value privacy has been used to justify the

loss of privacy. To ensure privacy there is a need for modernized legislation regarding the

online violations of privacy, improving information security among the users, and involving

privacy by design into the technology used for security. The study draws attention to the non-

ethical of monitoring and surveillance that grants unauthorized access to people's data and

information.

Table of Contents
 3

Abstract......................................................................................................................................2

Introduction................................................................................................................................3

Trade-Off Model........................................................................................................................5

Technological Invasion of Privacy............................................................................................6

Privacy Paradox.....................................................................................................................7

Surveillance............................................................................................................................8

Ensuring Privacy with Security................................................................................................10

Legislation............................................................................................................................10

Information Security............................................................................................................11

Privacy by Design................................................................................................................12

Conclusion...............................................................................................................................13

References................................................................................................................................15
 4

Introduction

Advancements in technology have made life easier by helping people simplify their

day to day tasks. These advancements have also facilitated easier methods for

communications and transfer of information which have caused millions of people and

organizations to heavily depend on technology. Due to the importance of the Internet of

Things which is the general idea of things that are readable, recognizable or locatable through

information sensing device and/or controllable via the Internet, irrespective of the

communication means (S. Patel & M. Patel, 2016), many countries which heavily depend on

technology have taken cyber security measures to prevent cyber criminal attacks. The need to

protect these platforms often overshadows the non-ethical monitoring of the users. The

internet can also be used to collect information and conduct surveillance on people in the

name of security. Since the cyber platforms are very vast, there are no specific methods yet

that can be applied to restrict the reach of security agencies. The ability to judge their own

actions, grants governments and private security agencies free reign to access sensitive

information. Access to an individual's sensitive information without their consent, even if it is

in the name of security, is a huge violation of a fundamental right of privacy granted to every

human. The possibility of misuse of the information could lead to the privacy of millions of

people being violated in the name of security. This situation has created a trade-off model

between security and privacy, a model that states that in order to gain security, privacy must

be sacrificed. This model has been falsely used by many as an excuse for mass surveillance.

When the National Security Agency’s surveillance of millions of citizens was leaked by

Edward Snowden, Barack Obama, the ex-president of the United States used this trade-off

model to condone the wrongful surveillance of millions of the country’s citizens (McCarthy,

2013). When governments have been excused from their security methods of conducting

mass surveillance in the name of security, they set themselves as examples for other security
 5

agencies to follow similar methods of mass surveillance in the name of security. Often times

the government uses private companies such as Google and Facebook to conduct surveillance

on their citizens, which has caused the loss of sensitive information of the millions of people

who use these highly reputed websites. The websites and companies used by security

agencies to gather information could use the information for illegal purposes or even sell the

information to the highest bidder. Hence, there is a need for people living in technologically

modernized environments to be educated to realize that the excuse of providing security

could be used to disregard their privacy. This need raises the research question for the current

paper: How can privacy be protected without harming the increase of security in the modern

technological era? To answer the question, the reasons that justify the loss of privacy would

need to be analyzed and better methods of protecting privacy while attaining security would

need to be discussed. Therefore, methods used for security that infringe upon the privacy of

citizens and can be reduced with better legislation, increasing people’s education on methods

to attain information security, and involving privacy by design for security software.

Trade-Off Model

In the modern world, human beings depend on institutions and organizations

responsible for security to protect them from various threats. Due to advancements in

technology, threats of attacks from far distances have become a major concern. In order to

protect the people from different threats that they might face, organizations responsible for

maintaining security have come up with a trade-off model that requires the sacrifice of

privacy to gain security (Hildebrandt, 2013; Valkenburg, 2015). In the 20th century, the

trade-off model has been frequently used as an excuse for the monitoring and surveillance

actions taken by organizations in the name of security. The model is used by many

government officials in decisions involving cyber policies because when posed against each
 6

other, security is considered more important than privacy (Valkenburg, 2015). Security is

often considered more important as security is usually always is considered as protection for

the community as a whole but privacy is always considered individually (Solove, 2011).

People’s different values for privacy and security show that privacy and security are not equal

and thereby represent a mistake in the trade-off model. The idea of the model that considers

privacy and security as equal and opposite terms and is deeply flawed because the complexity

of both the terms cannot be understood by a simple give and take relationship. Often times

the privacy lost is far greater then the security gained.

One of the main arguments behind the acceptance of this model is the argument that

law abiding citizens should not have anything to hide from the government. This statement is

argued by Solove (2011), who states that the very security that citizens are assured will be

nullified as there no guarantee that data gathered by the governing agencies will not be used

against people. The current world thrives on data and information, security against the misuse

of that information by governments or other organizations is important. Allowing any

organization to have free reign over people’s information will result in a huge imbalance of

power.

Technological Invasion of Privacy

The value of privacy is often underestimated until it is lost. Dienlin & Trepte (2015)

described privacy concerns as “the desire to keep personal information out of the hands of

others” (p. 286). Privacy can be differentiated into territorial privacy, personal privacy, and

information privacy. Privacy has always been an important part of life for humans as it

associated with the feeling of safety. The aspects of life important for privacy have been

changing since the beginning of time. From not wanting people to enter their hut to not

wanting people to write about them to not wanting people to taking pictures of them, privacy
 7

has always been a concern. Nowadays, just as technology has helped people communicate

between far distances, it has also allowed for information to be gathered from distances and

thereby causing concern for privacy. Since there is a high reliance on the internet and other

forms of modern technology for communications, fear of losing privacy is slowly being

instilled into people. The need for information privacy and information security is higher than

ever as the current world is being run by data (Von Solms & Van Niekerk, 2013). There are

many different methods in which information privacy can be lost. Two main methods used by

organizations to gather information about people are by listening in on direct communications

and by collecting the person’s online footprint such as websites, emails, and watch history.

Privacy Paradox

When privacy is lost in the fight for security there is a tendency among security

leaders to claim that people do not value privacy and therefore the sacrifice of privacy is not

consequential. The value people have for privacy is questioned by the privacy paradox which

states that though people claim to value privacy, they are also very willing to share sensitive

information for immediate gratification. They thereby prefer to acknowledge current benefits

over future threats (Dienlin & Trepte, 2015; Kokolakis, 2017). The difference between

people's attitudes and behavior can be seen by the huge backlash received by the Indian

government when a widely used video sharing app called TikTok was banned due to

evidence that user information was being collected by China. There is a need to find if people

value their privacy. In order to find if people do value their privacy, Dienlin and Trepte

(2015) conducted a study and found that though the privacy paradox was relevant in the past,

it is flawed due to not taking several factors such as immediate environment, emotional

circumstances and the trust placed by people on the sources they give information to. In

another study conducted about the privacy paradox, Kokolakis (2017) the information sharing
 8

tendency of people. He found that the sharing of information was not due just due to

immediate gratification and the disregard of privacy, it was rather due to different

surroundings and lack of information about the risks of sharing information. In many studies

of the privacy paradox, people that were found to share information did not know the

repercussions of their actions. After being educated of the different effects of their action and

when given a choice, people either chose not to share sensitive information or chose the more

secure source. (Kokolakis, 2017).

People find it easier to share information to a screen than share information with

another human being as there is a false satisfaction of thinking there will be no immediate

misuse of the information shared. Therefore, people are more likely to share information with

a digital screen (Dienlin & Trepte, 2015; Kokolakis, 2017). People were also more likely to

share their information with highly reputed websites and government websites, showing that

people do care about who has access to their privacy. Though the younger generation are

expected to not care about privacy and are associated with careless mobile phone usage, the

youth were found to be more knowledgeable and cared about privacy than the older

generations (Kokolakis, 2017). There is a need to fight for privacy as the younger generation

are showing that they value privacy and do not want to sacrifice without valid justification.

The privacy paradox can no longer be used to accept the violation of privacy.

Surveillance

Prevention is better than cure is a saying that is often used regarding situations that

have the possibility of a harmful or painful ending. With regard to security, one of the

methods of prevention is to know the intent of criminals before they commit a crime. This

type of prevention can be done through surveillance. Merriam-Webster’s dictionary defines

surveillance as “close watch kept over someone or something” and traces the first use of
 9

the word to the year 1802 (Merriam-Webster, n.d.). Developments in technology and the

high usage rates of modern communications systems have made surveillance of the masses

easier. Surveillance can be conducted by gathering information that is available online and

accessing direct communication such as phone calls. The importance of how privacy can be

easily affected in the name of security is showcased by the actions of the NSA in the United

States.

Bauman et al. (2014) analyzed methods used by the NSA and found that the NSA

begins by monitoring one person under suspicion and then continues to monitor the suspect’s

closest hundred connections and could continue to monitor up to 2,669,556 individuals.

Bauman et al. also found that the NSA used private internet companies such as Google,

Facebook, and Skype to access user information. UK, France, Germany, and Sweden have

already been reported to have placed hundreds of interceptors on cables running through

their country (Lauer, 2012). This data collected by surveillance is then further stored and

analyzed to find potential criminals or criminal activities. The method of being able to find

criminals before they commit an act is not possible. No algorithm can predict potential

mass disaster causing human actions based on a person's attitude and behaviors on the

internet (Mattord & Whitman, 2011; Hilderbrandt, 2013). There is a trend of developing

countries trying to conduct surveillance on its own citizens and citizens of other countries.

Countries with a high number of criminal attacks such as the US and the UK and countries

with a low number of attacks such as Sweden conducting surveillance show the belief that

surveillance is necessary for security is increasing. The actions by different governments

should not be seen as a mistake waiting to be stopped after it is revealed but instead must

be seen as indicators to the dire methods the governments of different will undertake in

order to gain a sense of security that cannot be proved (Bauman et al., 2014; Fura et al.,
 10

2012; Lauer, 2012). Surveillance methods could not be justified as no security agency was

able to present proof that security had become better due to surveillance

Ensuring Privacy with Security

Legislation

Legislation is the greatest weapon against the powerful as it holds every individual

and organization accountable for their actions. Legislation has played key roles in protecting

humans rights and hence, plays an important role in protecting people’s right to privacy. The

legislation of most countries is dedicated to protecting its citizens by judging every person’s

actions with the same standards. In the fight for privacy, the law should be used to hold

government and other security-based institutions accountable for their actions. Since each

country has different and complex laws there are no particular laws that can be used to grant

privacy to every person in the world. Since the legislation of many countries was created

before the technological boom, most of the privacy laws only grant the person physical

privacy and personal privacy but legislation regarding information security is not yet

effective in most countries. There is a need for regulation of the reach and scale of

surveillance conducted to determine if the privacy lost is justified (Bauman et al., 2014).

When security is involved there will always be a need for constant surveillance of

individuals who have a high possibility of causing harm to others. However, the legislation

has to set a limit to the powers granted over electronic surveillance. The surveillance powers

could be limited by enforcing security agencies to go through more checks in order to be able

to conduct surveillance. When agencies decide that surveillance is absolutely necessary, they

should have to prove the need for surveillance by providing proof. Legislation should restrict

and define the exact terms involved in the act of surveillance. The methods and data collected

should be documented. The definition should state the number of close friends of the suspect
 11

allowed to be monitored so that the excuse of surveilling close friends of close friends would

not lead to millions losing their privacy due to the suspectable actions of a single person.

There are laws that partially do grant privacy but as seen by the NSA’s actions, surveillance

was conducted even though the 4th amendment of the American constitution grants citizens

the right to privacy. The consequences of disobeying such laws are not dire enough to prevent

the loss of privacy and hence stricter actions should be taken when non-ethical surveillance is

conducted. Hilderbrandt (2013) and Solove (2011) raised concerns that even were

surveillance is done effectively, many times the data collected is often misused. When data is

collected and analyzed, the data is disregarded and the companies or people in charge of the

data could sell the information to other countries or companies. Legislation should make sure

that the data collected is properly handled and disposed of. These changes to legislation will

provide the start required to ensure privacy in the modern technological era.

Information Security

To fully ensure privacy, people must protect their information and data. Information

security refers to the process and methodology which is designed to prevent unauthorized

access to any form of sensitive and private information. (Von Solms & Van Niekerk, 2013, p.

98). Information security plays an important role in ensuring privacy and information security

can be enabled by the users themselves instead of depending on other sources for the

protection of privacy. Information security is not a code of programme or technology that can

be created immediately, it is a process. To attain information security, industry experts try to

ensure confidentiality, integrity, and availability of information. This is also known as the

CIA triangle of information security. One of the methods that can ensure the CIA triangle is

to control access to the person's data. Access needs to be regulated as too much free access

would result in a loss of information and surveillance and not providing enough access will
 12

result in the technology being useless and unfunctional. When surveillance does take place

with the required legal permissions, the security agency will automatically be granted access

to the person’s information and therefore there is no cause for fear that security cannot be

achieved because the information of a person will ill intentions cannot be accessed.

People themselves can control the different entities that can legally access their

information but are not educated on the steps required to restrict access. When people use

technology, users are oftentimes not aware of the information they give out and do not know

the necessary steps to ensure privacy. Many technologies and apps allow direct information

access unless the user specifically disables it. Since many of the older generations are not

very knowledgeable about their devices, they are actually more likely to share information

than teenagers (Kokolakis, 2017). Internet users should be educated on the rights they have

for privacy and how to gain it. Due to a lack of education about modern programming, many

companies such as Google and Facebook legally collect information from the user and then

sell it to security agencies. Therefore, in order to preserve privacy with security, information

security needs to become a higher priority as one can take initiative to control access to their

data and also by educating people of the right methods to use technology without sacrificing

privacy.

Privacy by Design

Security in the modern age involves software and technology. These technologies

should be programmed to respect the privacy of people. Valkenburg (2015) states that one of

the best methods to gain security without disrupting privacy is by involving Privacy by

Design. Privacy by design is an idea that states that privacy should not be something that is

fitted in when the security system is being used but privacy must be part of the design process

of the security features. To protect privacy, information security must be designed into the
 13

system from the beginning of usage and then be implemented only after successful trials

showing proof that the system can provide a balance between gaining security and respecting

privacy. Security systems that handle information and data with functions to handle privacy

added after usage, often require constant patching and maintenance to prevent damage to the

system and information (Whitman & Mattord, 2018).

Security on online platforms is often conducted by different types of Online Security

Technologies (OST). There are many types of OSTs and all of them are designed to attain

security by different methods but none of the OSTs have a privacy protection setting

designed. Hildebrandt (2013) examined these systems and found that as new OSTs are

developed, a privacy factor can be added without damaging the security features of the OSTs.

Privacy features need to specific to the particular type of OST as different types of OSTs use

different methods to gather data and information.

Conclusion

The fight between privacy and security has been a debate since the beginning of

advancements in technology. The trade-off of privacy for security is not balanced and hence

the loss of privacy in the name of security is not justified. As surveillance cannot be

completely stopped, modernized legislation that regulates surveillance by imposing more

restrictions on the extent of surveillance conducted and monitoring the type of surveillance

conducted is a key factor in ensuring privacy. Legislation should also ensure the right

management of the data collected from ethical surveillance and severely punish agencies that

violate privacy laws. Since the law itself cannot fully guarantee privacy, there is also a need

to educate users of online platforms and modernized technology on the consequences of

sharing their information and methods to attain personal information security. As the law and

the users are required to play their role in attaining privacy, the security experts must design
 14

privacy settings into the technology and software involved in security. Privacy factors added

after the security system is in use often are impractical and hence privacy should be included

into the design before the use of the security systems. As these methods are followed people

will be able to protect their privacy without affecting the methods followed by different

agencies to attain security. These methods of ensuring privacy are just the beginning of the

fight for privacy as continuing advancements made in technology will present new methods

of collecting information. These methods should be updated just as much as technology is

advanced. Though privacy and security are often falsely seen as opposite terms due to

technology, there will always be methods to attain privacy without harming the privacy of

people.
 15

References

Bauman, Z., Bigo, D., Esteves, P., Guild, E., Jabri, V., Lyon, D., & Walker, R. B. (2014).

After Snowden: Rethinking the impact of surveillance. International Political

Sociology, 8(2), 121-144.

Bendovschi, A. (2015). Cyber-attacks–trends, patterns and security

countermeasures. Procedia Economics and Finance, 28, 24-31.

Dienlin, T., & Trepte, S. (2015). Is the privacy paradox a relic of the past? An in‐depth

analysis of privacy attitudes and privacy behaviors. European Journal of Social

Psychology, 45(3), 285-297.

Fura, E., & Klamberg, M. (2012). The chilling effect of counter-terrorism measures: A

comparative analysis of electronic surveillance laws in Europe and the USA. In J.

Casadevall, N. Bratza, E. Myjer, M. O'Boyle, & A. Austin (Eds.), Freedom of

Expression–Essays in honour of Nicolas Bratza–President of the European Court of

Human Rights (pp. 463-481). Wolf Legal Publishers.

Hildebrandt, M. (2013). Balance or trade-off? Online security technologies and fundamental

rights. Philosophy & Technology, 26(4), 357-379.

Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research

on the privacy paradox phenomenon. Computers & Security, 64, 122-134.

Lauer, J. (2012). Surveillance history and the history of new media: An evidential

paradigm. New Media & Society, 14(4), 566-582.

McCarthy, T. (2013). Obama defends secret NSA surveillance programs – as it happened.

The Guardian. Retrieved from http://www.theguardian.com

Merriam-Webster. (n.d.). Privacy. In Merriam-Webster.com dictionary. Retrieved July 4,

2020, from https://www.merriam-webster.com/dictionary/privacy

 16

Patel, K. K., & Patel, S. M. (2016). Internet of things-IOT: Definition, characteristics,

architecture, enabling technologies, application & future challenges. International

Journal of Engineering Science and Computing, 6(5), 6122-6131.

Solove, D. J. (2011). Nothing to hide: The false tradeoff between privacy and security. Yale

University Press.

Valkenburg, G. (2015). Privacy versus security: Problems and possibilities for the trade-off

model. In Gutwirth, S., Leenes, R., & Hert, P., Reforming European Data Protection

Law (pp. 253-269). Springer.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber

security. Computers & Security, 38, 97-102.

Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage

Learning.