Tuesday, May 18, 2004

Security and Warrants

In his latest newsletter, Bruce Schneier argues for the warrant as an essential (sociopolitical) control over certain security mechanisms (such as electronic surveillance).

Certain acts (for example, search or surveillance) are “security-charged”. By this I mean that these acts alter the geometry of risk for affected stakeholders. These acts are permitted under rules that are supposed to minimize the invasion of privacy while maximizing the effectiveness of crime prevention and criminal prosecution. Some of these acts (such as wire-tapping or domestic search) may require a warrant. A warrant is the authority to perform some security-charged act, granted by an independent body (such as a magistrate).

Schneier argues (and I agree with him) that if old methods of search and surveillance require a warrant, then new technological methods should also require a warrant. In other words, the rules should be expressed in technologically neutral terms, should not have technological loopholes, and should not be constantly lagging behind technological innovation.

But I have a more general concern about these security-charged acts. There is a need for a properly constituted governance function, which is much broader in powers than simply granting or denying a warrant in a particular instance. Governance has to do with setting objectives and priorities, making appropriate judgements about security trade-offs, deciding where to allocate security resources to achieve the best results with minimum social and economic cost.