From: Kenneth Canfield <ksc2103@columbia.edu>
  To  : <cpc@emoglen.law.columbia.edu>
  Date: Fri, 10 Mar 2006 00:03:45 -0500

Anonymity - Yes, I do care, but then what?

I wanted to follow up on today's class with some thoughts about the
anonymity issue.  I do care about anonymity.  I would prefer that
Columbia didn't track our Internet usage in any way, and that commercial
ISPs also refrained from doing so.  I didn't raise my hand to say
anything, because I couldn't think of much else to say--yes, I want
anonymity--so then what?  I guess I never really thought about it as
something I would "take action" about, perhaps because (1) I've never
been the politically-active type (not saying that is a good thing, just
that it's true), (2) I'm not aware of the full extent to which Columbia
and commercial ISPs evade our privacy, and/or (3) I might not care quite
enough even though I care and want to care.

With respect to (3), this goes back to what we've grappled with over the
past few weeks concerning why people seem so willing to give up
information about themselves.  Part of it could be that until something
happens to one of us or someone we know personally, we still think that
it's no big deal, that there's no way they (companies or government) are
focusing on *us* when there are all of those bad people out there who
deserve their attention.  So while I think that I should care about
privacy, and often try to convince my friends that they should care too,
I always have some underlying doubts about the full extent that I am
concerned.  I say they should encrypt things, and shouldn't use gmail,
but then I communicate with them without encryption, and email them at
their gmail accounts.

With respect to (1), while I've never been much into politics and
activism (again, not necessarily a good thing), I've always liked
technology.  And I've believed there are technological solutions, to
some extent, to the privacy issue, such as encrypting email and instant
message conversations, and using tor for web browsing.  Unfortunately, I
know only 1 person who wants to encrypt email messages, no one who wants
to encrypt im messages, and I haven't succeeded in getting tor working
yet for some reason.  But in any case, I think that once I put the time
in to get tor working, and succeed in convincing my friends that privacy
is something I should care about, at least from my end, I'll have a
pretty good amount of privacy (no pun intended).  The convincing the
friends part will be the harder thing, because as I think I've mentioned
in another message to this list, whenever I bring up the subject, the
reply is "like we say anything that we should worry about."  And then I
don't know exactly how to respond.  I can say, "but still, privacy is
good, I don't want people compiling our information, selling it to
others, and doing who knows what with it," but since most people don't
care, my email and instant messages are as non-private as anyone's.

A big reason for my lack of any sort of activism is probably that I
think I've always thought about the privacy issue as something that
users have a good amount of control of regardless of what the government
or big companies are doing to try to take our privacy away.  Activism
might consist of teaching people about what is happening and what they
can do about it, which relates to (2) above.  Even those of us who are
very into technology probably don't have a full grasp of what is going
on.  Reading O'Harrow's book and having our discussions in class helped
somewhat, but until we see bad impacts up close/first hand, I don't know
if we'll fully grasp it (at least in my case).

I try to think about where I would actually take a stand and draw the
line.  I submit to whatever Columbia/ISPs are doing whenever I read the
Internet, and I don't refuse to talk to my friends who don't encrypt
email or who use gmail despite my pleadings for them to stop.  Moving
away from the Internet, I use EZPass when I drive, use a club card at
Duane Reade, make as many of my purchases as possible with my credit
card, and use my cellphone--and aside from the Duane Reade card, I can't
imagine not doing these things.  I would think that I would refuse to
give my thumb print as a payment method, but now we are talking about a
whole different level of intrusion, because as Eben has pointed out in
class, once someone steals a biometric identifying, there isn't much we
can do.  But I have never been faced with that situation, and thus have
so far lived without even achieving the level of privacy that I can
easily achieve with simple technological measures.  And even though it
makes me feel guilty in a way, I know that I'm going to continue doing
it, if I'm unsuccessful getting tor to work for me or getting others to
use encryption.

-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list