Attacks on privacy are attacks on national security

Privacy issues seem, well, private.

When we think about the phrase “invasion of privacy,” it’s natural to think first on an individual level — one person invading the privacy of another — a stalker, a blackmailer, even a burglar. And history is full of examples of criminal organizations invading the privacy of both the powerful and vulnerable to pressure them, often for financial gain. Many people also have deep-rooted fears of their own government invading their privacy.

What’s new is the kind of wars that are being waged and the weapons our enemies are using in the battle zone.

While gathering private data is still part of high-level spycraft to steal government information or industrial intellectual property, increasingly the invasion of privacy is targeting ordinary Americans. Bad actors seek detailed private data that reveals far more than traditional demographics. Armed with insights about our attitudes, behaviors, and motivations, their objective is to influence large swaths of our population, incite strife among us, and damage our economy. 

In the past few years, hostile nations have been systematically buying, stealing, and manipulating privacy data. They work with criminal organizations to develop huge amounts of personal data about millions of Americans. When and where you’ve been, and with whom. And they can do much of it from the other side of the world. The websites you visit, your purchases, expenses, debts, and political and religious views.

They can often determine if you’re suffering — or celebrating — a major life event: the birth of a child, death of a parent, marriage, or divorce. They note your resentments, your ambitions. Extremist groups use such data to target people whose anger and resentment makes them susceptible to radicalization.

In the Second World War, the United States manufactured more than twice as many aircraft as Germany and Japan combined because bombers helped win the war. Today, the bombs being dropped on the United States take the forms of cyber attacks, economic pressure, and targeted influence campaigns.  The modern-day “bomber” is the digital infrastructure — and the fuel is identity and privacy data. 

We must take immediate steps to counter the threats created by these hostile industries, nation states, and terrorist organizations. To do that, we must be clear-eyed about three realities.

One, we must recognize the stakes of the game — this is not just about cybersecurity. We are currently in a battle to defend our most fundamental freedoms, from the standpoint of both national security and personal intrusion into our lives.

Two, we cannot win this fight without technology and good policy working together. The technologies we use — whether they be social media to better communicate, or investigative technologies to catch child predators — are not the problem. The risks and vulnerabilities come from the use of the technology and our ability to control private data within these systems and applications. The national security threats created by hostile nations’ and terrorist organizations’ use of private data can be defeated only by the government and industry working together.

Three, we need the support of social media and technology companies to take the lead in developing privacy-protection technologies. For example, artificial intelligence, 5G mobile broadband, and the next generation of face recognition can be used to change the way personal data is collected and be part of the privacy-protection solutions.

Some people say the battle for privacy is already lost. Others say we must claw back technology, essentially step back in time. I say that as the battle is already joined, we must not throw away our weapons, but forge new ones. Here are four steps we need to take:     

1. Communicate the need to look at and protect privacy in new ways in the digital age to ensure both personal freedoms and national security.
2. Create next-generation privacy legislation that will support national defense, the privacy rights of American citizens, and our democratic institutions, not just assigning responsibility for the loss of privacy, but also creating a framework of well-understood rights, roles, and responsibilities for government, industry, and individuals.
3. Consider creating a new government organization to oversee and regulate how private data is collected, stored, used, and protected.
4. Incentivize industry to develop and implement new privacy technologies that safeguard data as well as giving individuals the ability to manage their own privacy and protect our collective freedom. This may require an independent third party to balance the needs of all the stakeholders, including representative individuals, privacy experts, industry competitors, and the government to determine the roles, responsibilities, incentives, and regulations.

None of these steps will be easy, but I believe when it comes to managing privacy, private data, and identity integrity, we don’t really have a choice. In order to make this happen, industry, government, and privacy advocates need to move ahead in all these areas together.

We’re facing one of the greatest challenges of our century. Our enemies have already chosen identity and privacy as a combat zone. By giving citizens, industry, and government better control of privacy, we can prevent our many adversaries from even entering the battlefield—and that’s how we’ll win.

Craig Arndt is an expert in biometric systems, theory, and development and holds six U.S. patents in biometrics. He is currently a consultant to the TSA innovation task force. Previously, he served as technical director for homeland security programs at MITRE and chair of the engineering and technology department at Defense Acquisitions University. He’s a U.S. Navy veteran.