Only minutes passed between first learning of the Paris attacks and confirming that our son, studying abroad in France, was safe. But it seemed to last a lifetime. My wife and I were with him in Paris just two weeks earlier, strolling happily a few blocks from where slaughter would soon visit the Bataclan Concert Hall and La Belle Equipe. Then, like a sick, twisted Groundhog Day, it felt like 9/11 all over again.
The Paris terrorism has rekindled an ongoing debate over government surveillance power, personal privacy, and cybersecurity. In this crucial, consequential debate, it behooves us to remember that terrorism’s goal is to trigger emotional, extreme reaction, and that perspective and balance are the antitheses of violent radicalism.
Absolute security is illusory.
Cybersecurity, like terrorism, is perpetual battle. Evolving attack methods compel advances in defense, which lead to new attack tactics, and on and on. Thus has been warfare through the ages, and though modern technology has quickened the ebb and flow, experience offers no reason to believe such conflict will ever be resolved. It likely will remain a “when not if” world of data breaches, just as avoiding terrorism will continue to be a matter of probability, not certainty. The attainable expectation for either a company or a country is reasonable security, achieved through strategic, determined efforts to improve the status quo.
Effectively balancing privacy and surveillance power requires a long memory.
When we feel safe, we tend to view personal privacy as sacrosanct, and we devalue the need for government security surveillance. But when terrorists strike, the emotional pendulum abruptly swings – feeling unsafe, we look to the government to protect us, and we devalue personal privacy. This amnesic whipsaw plays out repeatedly through politics and policy. In the immediate aftermath of Paris, reminiscent of post-9/11:
- Currently unsubstantiated claims that the Paris terrorists may have used end-to-end encrypted communications are refueling law enforcement efforts to obtain backdoor encryption keys, despite the Obama administration’s recent acquiescence to the tech industry’s position on this issue.
- Edward Snowden’s illegal exposure of national security surveillance means and methods has been linked, without substantiation, to the terrorist’s ability to strike Paris.
- After the EU Court of Justice invalidated the U.S.-EH Safe Harbor in reaction to revelations about U.S. surveillance practices, the interests driving the pending fast-track negotiations for Safe Harbor 2.0 may shift – time will tell.
The lesson of Groundhog Day is that, though the day’s circumstances may endlessly repeat, our response can change. We can have more realistic expectations for cybersecurity, recognizing its practical limitations. And, while privacy purists and surveillance hard-liners use immediate events to incite public support, we can choose to take the long view, recalling when safe how it was to feel threatened, and remembering when threatened what it was to feel safe.