We’re experiencing a fundamental shift in the way in which security is achieved. This shift is, I think, best described by examining the differing characterizations of the ‘before’ and ‘after’ states. The before state is one characterized by a general lack of data. Universal data collection was, for a variety of technological and cultural reasons, not being done. An individual enjoyed the benefits of safety in numbers simply by default, without having to take any special action. An entity wishing to obtain more information about that person, perhaps wishing to compile a profile on that individual, would need to specifically target that person for surveillance.
In the current state of things, that basic, default protection is gone. We’re now living in a world characterized by big data. An individual must themselves take action should they wish to benefit from safety in numbers in the fashion they used to enjoy. A burden of action has been introduced. Profiles are compiled on individuals automatically, and our technology-centric culture acts to accelerate that process.
An agent who needs to remain undercover would have, under the old mode, avoided doing anything that would draw attention to them. At best, surveillance was ad-hoc. The only way LEO would have become aware of the presence of a bad actor was necessarily for that bad actor to leave the group for whom no data existed, and to join the smaller group for whom data points existed. This is the core of the change. The relative sizes of the groups has just recently been rebalanced such that the 'lacks data' group is smaller than its counterpart.
Assuming this is the case, consider the following scenario:
There's a state agent in foreign territory, doing clandestine things. The agent wants to acquire information from a secure site, and so proceeds to case the joint. Under the old mode, the agent's play would have been to avoid all detection: avoid being seen by any person, any surveillance device, etc. She'd avoid anyone knowing where she was when she cased the place and, excluding fairly specific circumstances (eg. plausible deniability), she'd avoid being seen anywhere at the time. ‘Untechnically’, she'd stay under the radar; she would, to the best of her ability, attempt to convince her environment that she didn’t exist. This is equivalent to trying to join the majority - the unsurveiled mass. No single entity (eg. some tanky state) would know where everyone was at all times, and so, for its part, would be spending its enforcement resources collecting information on targets: gathering metadata, with the purpose of making it easier to, in future, maintain that individual in the minority population of the surveilled.
Now consider a modern agent. The agent lives in an environment which ubiquitously collects data on all of its inhabitants. This is done both passively (eg. by retaining demographic data collected for mundane purposes) and actively (eg. a van on their block, targeted hacking, etc). Now this agent also wants to acquire information from a secure site, and must also necessarily begin with data gathering. However, if this agent pursues the same 'going off the grid' tactic as her predecessor, instead of joining the majority and increasing her security, she would join the minority, and by doing so functionally decrease her security. Her best tactic, her most secure play, which we’ll operationalize here as a tendency or movement toward the majority1, would be to carefully manage the collection of her data such that she is indistinguishable from the rest of the population (ie. the majority). When she cased the site, she’d carefully curate the data she presented for collection such that an observer couldn’t distinguish her from the data-saturated majority.
The fundamentals don't change. The first steps in rocket science, hacking, romance, and knocking off the corner store are all the same: observation. Similarly fundamental is the security precept of tending toward the majority. Minorities are inherently insecure, and however you may feel about the idea of security as a zero-sum game, history is rife with examples.
A wee, off-the-cuff remark on superficially contrary examples:
But what about the Alawites, or Baathists you ask? These are small groups which dominated larger groups, and directly hampered the security of the majority. Both were set up by foreign powers. Find me one that wasn't the direct result of an enormous asymmetry where in fact a majority wanted these parties in power. Though it's so popular as to be a trope, given our scope here, we'll simply blame Pico-Sykes and the Seven Sisters, which both represent forces vastly more powerful than the minor majorities subdued by the aforementioned middle eastern puppets. Ask yourself why Napoleon scared the velvet pants off of *everyone*.
Notes:
- This is crucial to the ideas being explored here. While the whole piece is oriented toward a notion of security in terms of camouflage, or anonymity, it still inherently shares characteristics with other security-related conceptualizations. The idea that tending toward a majority enhances security I derived from F.A. Hayek’s The Road to Serfdom, in which he describes the idea in terms of the rise of national socialism in Germany during the 1930s and the ‘safety’ derived by association with the Nazis.