Debates about privacy and security tend to assume that the two are in opposition, so that improving privacy tends to degrade security, and vice versa. But often the two go hand in hand so that privacy enhances security. A good example comes from the airport scanner study I wrote about yesterday.
One of the failure scenarios discussed in that study involves tampering with a computer that handles a scanned body image. The researchers showed that anyone who can tamper with the computer on which images are viewed can carry any contraband they like through the scanner without detection, by reprogramming the system to display an innocuous image when it sees a distinctive pattern presented by the attacker, such as a geometric pattern in lead tape on the attacker’s undershirt.
Tampering is a problem in all security checkpoint technologies, but it is a bigger risk for the body scanners than it was for the previous generation of magnetometers (metal detectors). The reason is that the magnetometers’ critical hardware is in a highly visible public place (the public part of the checkpoint) where tampering is likely to be noticed, but the scanners’ viewing computer is tucked away in a private, screened area set apart from the checkpoint—the kind of place where an intruder or a rogue employee can more easily mess around with a computer without being noticed.
Why the difference? The reason is that the scanner collects sensitive private body images, unlike the magnetometer. So the scanner's viewing computer has to be in a non-observable place. The scanner's privacy drawbacks create security drawbacks.
You could try to cope with the risk of computer tampering by pointing a surveillance camera at the viewing area, but now you’re introducing the risk that naked body images will be picked up by the surveillance camera. The surest way to protect the system from tampering has to start by reducing the system’s privacy impact.