Using Data To Secure Networks: Optimizing Individual Privacy While Achieving Strong Security

On April 14, in partnership with the Center For Democracy and Technology, Intel Security, and the Hoover Institution, we held a lunch event entitled, “Using Data To Secure Networks: Optimizing Individual Privacy While Achieving Strong Security."

The event had its genesis in a conversation I had some time back with David Hoffman, Intel’s chief privacy officer, following the release of Gabriella Blum and my book, The Future of Violence. Hoffman was interested in Blum’s and my characterization of the relationship between privacy, liberty, and security as a “hostile symbiosis”; that is, we argued that security and privacy are at least as mutually reinforcing of one another as they are in tension with one another. He was interested as well in our argument that defense—including national defense—was becoming a more distributed function in which lots of different actors are playing active roles in collective security that we used to think of as the province of a unitary national government.

But David added an interesting question: What if, in order for a company like Intel to protect its customers—and Intel Security owns the security firm McAfee and is thus one of those actors—it too needs to collect data on those same customers? And what if the volume of data it needs to collect to protect people’s security, and hence their privacy, is actually not small?

This idea of using data to protect data—and networks—is more norm than exception in the real world. Crunching through large volumes of consumer data is, for example, how banks protect consumer credit card accounts from fraud; it’s how internet companies protect customers from malware and spam; and processing large volumes of data is key to government cybersecurity efforts, which have obvious privacy implications even as government collection also itself has often negative privacy implications. But the idea of data processing as key to privacy protection runs, shall we say, rather counter to the tenor of the current public debate, which treats data collection, retention, and analysis as presumptively a major privacy threat.

So we decided to have a discussion and debate on the matter. The event features an address by Chris Young, senior vice president and general manager of Intel Security, on the general cybersecurity landscape and the way the company uses data in its security operations. The address is followed by a panel discussion, which I moderated, that includes a diverse group of commentators: Greg Nojeim, senior counsel and director of CDT’s Freedom, Security and Technology Project, Susan Hennessey of Brookings and Lawfare, Daniel Weitzner of MIT’s Computer Science and Artificial Intelligence Laboratory, Laura Donohue of Georgetown Law, and Hoffman.

Here is full video of the event:

Here is an edited audio only version we ran this week as the Lawfare Podcast:

I have also asked each of the participants on the panel to write up his or her thoughts on the subject. We will be running those essays over the coming few days.

* * *

Disclosure: Intel is a generous financial supporter of Lawfare. Lawfare retains editorial control over all material appearing on Lawfare's site and subjects all submissions to its normal editorial processes.