Privacy vs Security
The difference between privacy and security can be a bit confusing as security and privacy are two interrelated terms. In information technology world, providing security means providing three security services: confidentiality, integrity, and availability. Confidentiality or privacy in one of them. So, privacy is just one part of security. Privacy or confidentiality means keeping something secret where the secret is known by only the intended parties. The most used technique for providing confidentiality is encryption. To provide other security services techniques such as hash functions, firewalls are used.
What is Security?
The word security with respect to information technology refers to providing the three security services confidentiality, integrity, and availability. Confidentiality is concealing information from unauthorized parties. Integrity means preventing any unauthorized tampering or modification of data. Availability means providing the service for the authorized parties without any disruption. Attacks such as snooping, where the attacker eavesdrop a message sent by a person to another, causes threats to the confidentiality. Techniques such as encryption is used to provide security against such attacks. In encryption, the original message is changed based on a key and without the key an attacker won’t be able to read the message. Only the intended parties are given the key using a secure channel so that they can only read. AES, DES, RSA and Blowfish are some most famous encryption algorithms out there.
Attacks like modification, masquerading, replaying, and repudiation are some attacks that threaten integrity. For example, say someone sends an online request to a bank and someone taps the message on the way, modifies it and sends to the bank. A technique called hashing is used to provide security against such attacks. Here a hash value is calculated based on the content of the message using a hashing algorithm like MD5 or SHA and sent with the message. If someone does even a tiny modification to the original message then the hash value will change and so can detect such a change. Attacks such as denial of service attack threaten availability. For example, say a situation where millions of false requests are sent to a web server until it is down or the response time becomes too high. Techniques such as firewalls are used to prevent such attacks. So security means providing the three service confidentiality, integrity and availability using various technologies such as encryption and hash functions.
What is Privacy?
Privacy is a similar term for confidentiality. Here only intended or authorized parties should be able to share secrets while unauthorized parties cannot be able to find out the secrets. Privacy is one of the most important and critical things when providing security. If there is a breach in privacy, security is affected. So privacy is part of security. Security involves providing services such as confidentiality (privacy), integrity, and availability while privacy is one such service that comes under security. Say, in a certain company a head office communicates with the branch office over the internet. If some hacker can acquire sensitive information, then the privacy is lost. So techniques such as encryption is used to protect the privacy. Now the employees on both sides know a secret key that only they know and any communication can be decoded only using that key. Now a hacker cannot gain access to information without the key. Here, the privacy depends on keeping the key secret. Privacy can be with respect to a single person as well. An individual can have data which he needs to keep private for himself. So, in such situation also, encryption can help to provide that privacy.
What is the difference between Privacy and Security?
• Security refers to providing three services confidentiality, integrity, and availability. Privacy or confidentiality is one of those security services. So, security is an umbrella term where privacy is a part of it.
• Providing security can be costlier than providing just privacy as security involves services other than privacy as well.
• A breach of privacy means a breach of security as well. But a breach of security does not always mean a breach of privacy.
Summary:
Privacy vs Security
Security is a broad field where confidentiality or privacy is a part of it. Apart from providing privacy, providing security means providing two other services namely integrity and availability as well. To provide privacy the most used technique is encryption. Privacy means that something is kept secret among only the authorized people. If the secret is leaked that is a breach of privacy and in return a breach of security as well.
Images Courtesy:
Bose says
Don’t really agree on how the context are presented.
There is another aspect. Privacy of the individual has reduced dramatically due to an increase in security measures.
Hence one could postulate that increase in Security will decrease Privacy and vise-versa !!!
Anonymous4 Areason says
Bruce Schneier had this to say on, “The Eternal Value of Privacy,” posted, May 18, 2006:
“The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line: “If you aren’t doing anything wrong, what do you have to hide?”
Some clever answers: “If I’m not doing anything wrong, then you have no cause to watch me.” “Because the government gets to define what’s wrong, and they keep changing the definition.” “Because you might do something wrong with my information.” My problem with quips like these — as right as they are — is that they accept the premise that privacy is about hiding a wrong. It’s not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect.
Two proverbs say it best: Quis custodiet custodes ipsos? (“Who watches the watchers?”) and “Absolute power corrupts absolutely.”
Cardinal Richelieu understood the value of surveillance when he famously said, “If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.” Watch someone long enough, and you’ll find something to arrest — or just blackmail — with. Privacy is important because without it, surveillance information will be abused: to peep, to sell to marketers and to spy on political enemies — whoever they happen to be at the time.
Privacy protects us from abuses by those in power, even if we’re doing nothing wrong at the time of surveillance.
We do nothing wrong when we make love or go to the bathroom. We are not deliberately hiding anything when we seek out private places for reflection or conversation. We keep private journals, sing in the privacy of the shower, and write letters to secret lovers and then burn them. Privacy is a basic human need.
A future in which privacy would face constant assault was so alien to the framers of the Constitution that it never occurred to them to call out privacy as an explicit right. Privacy was inherent to the nobility of their being and their cause. Of course being watched in your own home was unreasonable. Watching at all was an act so unseemly as to be inconceivable among gentlemen in their day. You watched convicted criminals, not free citizens. You ruled your own home. It’s intrinsic to the concept of liberty.
For if we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality, because everything we do is observable and recordable.
How many of us have paused during conversation in the past four-and-a-half years, suddenly aware that we might be eavesdropped on? Probably it was a phone conversation, although maybe it was an e-mail or instant-message exchange or a conversation in a public place. Maybe the topic was terrorism, or politics, or Islam. We stop suddenly, momentarily afraid that our words might be taken out of context, then we laugh at our paranoia and go on. But our demeanor has changed, and our words are subtly altered.
This is the loss of freedom we face when our privacy is taken from us. This is life in former East Germany, or life in Saddam Hussein’s Iraq. And it’s our future as we allow an ever-intrusive eye into our personal, private lives.
Too many wrongly characterize the debate as “security versus privacy.” The real choice is liberty versus control. Tyranny, whether it arises under threat of foreign physical attack or under constant domestic authoritative scrutiny, is still tyranny. Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that’s why we should champion privacy even when we have nothing to hide.”