COMMENT | Encryption Tragedy: How the Security Dilemma is Poisoning Cyberspace

By Steve Hersee (@stevehersee)

The British state often claim that encryption and other security measures are turning the Internet into a “dark and ungoverned space, which is in danger of becoming an anarchic haven for terrorists and criminals (Hogan-Howe, 2014; Cameron, 2015). Likewise, the Digital Rights Movement (DRM) claim that efforts to ‘undermine’ encryption and advanced security measures represent a threat to individual privacy and security (Muižnieks, 2013; Schneier, 2015; Berners-Lee, 2012). Technical and legislative moves by the state to ensure that the security agencies maintain their ability to access online communications are met with protest from the DRM, who claim that these measures threaten democracy, privacy and other human rights. Similarly, the introduction of technical or legal measures to protect technology users from criminal hacking or state surveillance are met by equally loud protests from the state, which claims that these measures threaten national security and will lead to terrorism and increased criminality.

Extreme rhetoric from each side frames this issue as a zero-sum game between privacy and security, making compromise and co-operation difficult. In the dispute between Apple and the FBI last year – over access to the iPhone of a US terrorist (see my previous blog on this subject) – supporters of the FBI claimed that Apple had chosen to “protect a dead ISIS terrorist’s privacy over the security of the American people”, whereas Apple’s Tim Cook claimed that giving in to the FBI’s demands would be like creating the “software equivalent of cancer” (ABC News, 2016; Senator Tom Cotton, 2016). When each extreme is so threatening, what hope is there for a reasonable resolution?

This problem reminds me of the concept of the Security Dilemma, a term coined by John Herz in 1950 to explain arms races between fearful national states (Herz, 1950). Herz described how states are naturally:

“concerned about their security from being attacked, subjected, dominated, or annihilated by other groups and individuals. Striving to attain security from such attack, they are driven to acquire more and more power in order to escape the impact of the power of others.

This, in turn, renders the others more insecure and compels them to prepare for the worst. Since none can ever feel entirely secure in such a world of competing units, power competition ensues, and the vicious circle of security and power accumulation is on”.

Within the Security Dilemma, two countries engage in an arms race because they both see their own militaries as defensive in nature and their adversaries as offensive. It is enlightening to apply this concept of a spiralling arms race to the issues of encryption and state surveillance.

  • State: Cyberspace is enabling criminality and terrorism so we must build a surveillance capability to defend the country against this threat.
  • DRM: State surveillance is a threat to individual privacy so we must defend our communications through the use of encryption and other security technologies.
  • State: Encryption is threatening our ability to enforce the rule of law in cyberspace and protect the country from a variety of threats so we must take steps to undermine, bypass, break or legislate for the removal of encryption in order to allow us to defend against threats to National Security.
  • DRM: Encryption is under threat so we must defend it through any technological and legal means at our disposal.

The spiral continues, with each side viewing their own actions as defensive and the other’s as threatening. But what could be behind this damaging cycle? Herbert Butterfield argues that the problem of the Security Dilemma lies in the inability of each side to understand the other’s intentions:

“you yourself may vividly feel the terrible fear that you have of the other party, but you cannot enter the other man’s counter fear, or even understand why he should be particularly nervous. For you yourself know that you mean him no harm, and that you want nothing from him save guarantees for your own safety; and it is never possible for you to realise or remember properly that since he cannot see the inside of your mind, he can never have the same assurances of your intentions that you have. As this operates on both sides” (Butterfield, 1951)

Butterfield (1951) describes this scenario as a tragedy as he observes that “the greatest war in history could be produced…between two powers both of which both were desperately anxious to avoid conflict of any sort.” The issues of encryption and state surveillance reflect Butterfield’s observations. In the minds of GCHQ and the British state, they know they have no interest in attacking individual privacy or security and it is difficult for them to understand why ‘the other side’ would fear this. Surveillance is a defensive measure to counter the very real threats from criminals and terrorists. Likewise, the DRM know that they have no interest in preventing the state from combatting criminality or terrorism and it is difficult for them to understand why ‘the other side’ would fear this. As Butterfield (1951) puts it, neither side sees the nature of the predicament that he is in, for each only imagines that the other party is being hostile and unreasonable.”


Security Dilemmas such as these can relate to either Compatible or Incompatible Security. In the Compatible Security scenario, it is possible to find a way by which each side can feel safe, but in the Incompatible Security scenario this is impossible as only through total military superiority or conquest would each stop fearing the other. On the surface it would appear that encryption and state surveillance bring about an incompatible security dilemma; only through access to all communications might the state feel safe and only through the protection of all communications might the DRM feel safe. But as Kenneth Boulding (1969) explains, Incompatible Security may sometimes be an illusion:

“The other form of incompatibility might be called ‘illusory’ incompatibility, in which there exists a condition of compatibility which would satisfy the ‘real’ interests of the two parties but in which the dynamics of the situation or illusions of the parties create a situation of … misunderstandings, with increased hostility simply as a result of the reactions of the parties to each other, not as a result of any basic differences of interests.”

Perhaps, then, the incompatibility between security and privacy is an illusion and the so called Crypto Wars (currently in version 2.0) are the result of a Butterfieldian Encryption Tragedy; created through mutual misunderstanding, rather than any real difference of interest. Once each side recognises how their own defensive actions may appear threatening to the other, then perhaps peace talks can begin.


Source: AZ Quotes


Steve Hersee is a Cyber Security Researcher jointly supervised by the Information Security Group and Department of Geography at Royal Holloway, University of London. He is studying threat construction in cyberspace, focussing on the roles of the state and the digital rights movement. He can be #hunted down on Twitter @stevehersee


ABC News. (2016). Apple CEO Tim Cook Sits Down With David Muir (Extended Interview). Retrieved from ABC News:

Berners-Lee, T. (2012, April 17). Tim Berners-Lee urges government to stop the snooping bill. Retrieved from Guardian Online:

Boulding, K. (1969). National Images and International Systems. International Politics and Foreign Policy, 422-431.

Butterfield, H. (1951). History and Human Relations. 21.

Cameron, D. (2015, January 12). David Cameron Wants To Ban Encryption. Retrieved from Business Insider:

Herz, J. (1950). Idealist Internationalism and the Security Dilemma. World Politics, 157-180.

Hogan-Howe, S. B. (2014, November 6). Internet is becoming a ‘dark and ungoverned space’, says Met chief. Retrieved from The Telegraph:

Muižnieks, N. (2013, October 24). Human rights at risk when secret surveillance spreads. Retrieved from Concil of Europe:

Schneier, B. (2015, July 6). Bruce Schneier: David Cameron’s proposed encryption ban would ‘destroy the internet’. Retrieved from Business Insider:

Senator Tom Cotton. (2016, February 17). Cotton Statement on Apple’s Refusal to Obey a Judge’s Order to Assist the FBI in a Terrorism Investigation. Retrieved from


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s