NSA, data privacy and the complexities of trust
Current events have pushed concerns about personal and data privacy into the limelight. Each new round of revelations about classified government programs highlights for me that at the heart of them all are issues of trust. Our social expectation that communication should be private goes back at least as far as the use of sealing wax on letters, and many people have expressed dismay at the extent to which that trust has been violated through government collection of information about their communications.
However, no one should really be surprised that the government has been gathering vast volumes of electronic metadata describing Internet connections and phone calls. After all, in the wake of the 2001 anthrax mailings, the U.S. Post Office has long been photographing the address information on every piece of mail it handles. Indeed, there is arguably an important difference between addresses and content; law, if not social expectation, asserts that the former are not private.
The funny thing is that all kinds of information about one’s behavior on the Internet is not just gathered, but sold by businesses. Read the fine print on the privacy statement of any commercial Web service to see just how much you’re giving away. There seems to be a significant difference between trust in government---which might do something with your metadata if you become a person of interest---and trust in businesses, which are doing all kinds of things with both the addressing and content of your Web-life.
Trust issues play into the present situation in another, subtler way. Consider the dual mission of the National Security Agency (the NSA), the entity responsible for the recently revealed domestic surveillance programs. On the one hand, it’s supposed to defend our military’s cyber systems; on the other hand, it’s also supposed to break down the cyber defenses of our nation’s adversaries. As the United States’ national cyber-security agency, NSA has played a significant role in assessing commercial cryptography and in developing standards for cryptographic protocols used commercially. Further, it is playing leading roles in improving the security of open-source software, and in working with the academic community to develop a foundational science of cyber-security. But there is some suspicion, recently amplified, that the NSA’s role in establishing commercial norms might have more to do with its system-breaking mission than its system-protecting mission. It is an interesting tension, and one that might be addressed in part by open and independent assessment of the suspect standards and protocols. Trust in technology that is lost by social means might be regained by technical means.
Clearly, trust is a complex issue with broad social, psychological, legal, business, and technical implications. The merest glance at current events shows that we are living in “interesting times” for trust. ITI is committed to remain at the forefront of research in this area, paving the way to a better understanding and quantification of trust, as well as more trustworthy complex systems.