Security has a price. When talking about computer security, this price can be paid in different ways, such as performance or ease of use (or both). When talking about meatspace security, whether it is nation-wide or individual, the price is paid in freedom and privacy. I claim that the loss in freedom is usually much higher than the gain in security. Of course I'm far from being the only one to claim that. However, it is quite difficult to convince people that this is true, because most of the time the discussion is about nation-wide political decisions, and it is hard to grasp all the whys and the wherefores of their implications.
I don't want to wave hands explaining how massive surveillance is a bigger loss in individual freedom and collective freedom than it is a win in security. I've tried that before and it doesn't really work on the people who need to be convinced. Instead, I'm going to tell you a story, a real story, that happened to me a bit more than two years ago, and which I think is a perfect analogy of our topic, except it is a human-sized story so it is easier to grasp all the implications and identify the problems. As it turns out, the story is not only an analogy of the security versus liberty trade-off, but also of the differences between proprietary and free (as in freedom) software, or between closed and open formats, showing that openness is necessary for liberty and privacy.
It all begins in the summer of 2012. I had just finished my master's degree and I would be starting my PhD soon. I had to move out of my room at the student dorms and find a new place to live for three years, in the Paris area. Even in the suburbs of Paris, the prices of real estate are so high that one PhD funding is not sufficient on its own to pay for decent housing for three years. Getting together with roommates is the obvious solution. Two of my friends were in the same situation and would do their PhD in the same area, so we decided to look for an apartment together.
After long weeks of searching and dealing with real estate agencies (trust me, in the Paris area it is anything but pleasant to deal with those), we found a very nice place in our price range, so we decided to go for it.
We moved in on August 20. As I said, we were three roommates. The problem is, we had only two keys to the apartment. What's the problem, you say? Just go make a duplicate (or more!) of the key and you're all set. We wish.
It happens that the door of the apartment is a fancy security door, and that its lock is a fancy security lock… and that the keys thus have to be fancy security keys. What does "fancy security" mean?
It means that the door and the lock are very strong and hard to break, and that the keys are very difficult to reproduce. Actually, only the company that issued the whole system in the first place can do it. Let's call them FancySec.
For the real estate agency, it means that we can't get burglarized (yeah, because burglars always come in through the front door, it is known, khaleesi). It also means that they know exactly how many keys we have: since they are the only possible interlocutor of FancySec, we have to go through them if we want any additional keys.
For us, it is supposed to make us feel safe and happy. In practice, not so much.
- We can't make a duplicate when we want. With regular keys, if we want to host some friends for more than one night or if one of us wants to give a key to his girlfriend or boyfriend, we just go to any locksmith, and that's it. Instead we are forced to ask the real estate agency (thanks for our privacy) and it can take weeks before we get the new key.
- This kind of key is expensive. Regular keys for regular doors cost less than 10€ to duplicate; these keys are almost 70€. Seven times more expensive. Given the price to reinstall a new FancySec lock and get a bunch of new FancySec keys, it would be better if none of us accidentally loses his key.
What is the added security, really? What are the odds that there is someone in the world with the aim to rob our apartment, knowing that this person did not manage to steal one of our keys, would have to enter our building using a code and then a key to get to the elevator or stairs which lead to our apartment, and then try to open our door? I believe the odds of that are so small that the probability that we get robbed would not even change if we had a regular door with regular convenient keys.
The main idea here is that the door is not the limiting factor: even if the FancySec door is a thousand times more resistant, it does not matter because the probability someone tries to break in is extremely small.
What if FancySec goes out of business? Or if they just stop supporting our key models? That's not an entirely absurd supposition: it happens that FancySec is closed for vacation in August, so when we moved into our apartment we had to wait for fifteen days before the real estate agency could order an additional duplicate of the key from them, and it took ten more days to finally get the key. In the meantime we had to juggle with two keys for the three of us, so most of the time when we weren't home there was one of our FancySec keys in our mailbox which I bet can be opened with a
This is something that needs to be emphasized: strong security is often so inconvenient that the necessary workarounds actually lessen the overall security.
So what conclusions can we draw from this story? First, that what we have is actually not additional security, but rather the illusion of additional security. Second, that we pay for this illusion of security with a lot of inconveniences, and with loss of freedom and privacy, and that both can result in weakening the actual security level. Third, that closed proprietary formats are a bad thing, even away from the digital world.
Just replace the real estate agency with a government, the burglars with terrorists, FancySec with the army / intelligence agencies / big private companies, and for instance our door with an airport or our keys with surveillance cameras. You'll get the big picture. The trade-offs are the same. We lose a freakin' lot of freedom and convenience to get a security improvement that is irrelevant most of the time. It is important to struggle for our freedom and not let the security rhetoric get to us.