Index:
[thread]
[date]
[subject]
[author]
From: Alexander van der Wolk <av2139@columbia.edu>
To : <CPC@emoglen.law.columbia.edu>
Date: Thu, 20 Apr 2006 10:07:48 -0400
[CPC] Paper 2 - Digital Privacy; an Oxymoron? (graduating)
“Digital Privacy”; an Oxymoron?
There are two inherent problems with digital data, particularly
related to privacy: a) it cannot be unlearned, and b) the current
networked environment is not set up to allow complete autonomy.
Given this notion, the question is whether digital privacy is an
oxymoron, such as “airline food” or “Microsoft Works”. Is it at all
possible to maintain privacy[1] in an online environment, or is it
really a contradiction in terms, impossible to achieve?
The government and Microsoft seem to have in common the concept of
‘security’ in their respective motivations for learning your data.
Their both approach in implementing this security is through
obscurity. As long as you don’t know what happens behind the
curtain, they will call the play safe. But if we would know what
happens, security would be breached, and so the level of security
follows from the strength of the curtain.
This concept of security is built on fear, and lacks every form of
trust /in/ its ‘users’, while demanding a very high level of trust /
from/ its users. Security through obscurity is therefore like
compelling trust. “I won’t tell you how security is enforced, but
you’d better trust me, or else all is doomed.” This ‘trust’ is
enforced by tightening the screws on user liberties with respect to
what is being secured. And so the message they send out is: in order
to secure freedom, we need to limit freedom. Right.
Security built on fear is premised on the concept of marketing. Keep
indoctrinating that anything else is unsafe, and long enough people
will start believing it. “You want a better internet? You belong at
AOL.” Security, just like the net, is sold as a product, packaged in
nice little boxes which we pick up on the go. “Did you want security
with your fries?”
But the problem, as with all mis-applied product approaches to
intangibles, is that they’re incorrect and stupid. Access to the net
is not subject to ownership, any less than security or privacy is
susceptible to conceptualization. Just like the net is a social
status, in which access should be a fundamental right of those part
of society, security and privacy are the individual’s conditions on
taking part in that society. They flow directly from the behavior of
the individual, and are therefore in the direct realm of influence of
the individual. Just like every child is taught not to go with
strangers on the street, they should also be taught how to behave in
a networked society, and take responsibility for their digital identity.
If we want to maintain freedom, let’s start with practicing freedom.
Free Software works because everyone can see how it works. Every
aspect of it can be examined and scrutinized, and every vulnerability
can be criticized and improved. Its effectivity is subject to public
discussion, and its result is therefore greater than the sum of its
parts. In order to convert “digital privacy” from an antagonistic
notion to synergy, we need to make “digital” as much part of us as
“privacy”.
One of the current challenges of openness of data is the way in which
to achieve it. Compelling openness requires the involvement of the
legislator, which demands a change in mindset at government level.
Also, it’s the kind of approach of fighting fire with fire, with its
own effects and results. It requires enforcement in order to be
effective. I’m not saying it is a road that shouldn’t be pursued,
but for the short term it might not be as successful.
Choosing openness seems to be – for the moment – a better option.
Windows is currently the de facto standard in operating systems
(which is why most people don’t know a thing about computing),
because people choose to follow other people. It’s this nice little
feature of humanity.
But Microsoft’s empire is crumbling. As Microsoft pushes for more
imposed ‘security’, they will find themselves in a compromising
position in which consumers are just not buying it any more.[2]
Businesses move away from product based models and enter into service
based models, because competition for products in zero-marginal
markets just doesn’t make money anymore.
Privacy has too long been a second tier interest. When it comes to
convenience, ease and service, the one thing that is signed away
easily are our identities. What we need is a change of mindframe.
Starting with a realization that our online identity does represent
value, and that it is something that we should be concerned with.
“Digital security”, therefore, is not an oxymoron, but a pars pro
toto. It denominates a mindset from which both privacy and security
can be built, while effectuating our participation in a networked
environment.
Will it work? Well, for now you have to differentiate between which
areas you want it applied in. For digital uses, such as personal
computing and net participation I am convinced this will become a new
standard. As Microsoft’s quest for control over the personal
computer advances, it creates a system hanging together by a myriad
of threads, which won’t sustain for a long time. Web based services
will move towards open models in which privacy will become a center
player. The Higgins project is a very nice example of this.[3]
As for government use; that might take a little longer. I am
faithful, however, that as we will increasingly see that security is
best served by a system of transparent checks and balances,
governments will start to realize that their paradoxical approach to
security in the ‘interest’ of freedom will not work. I am not
arguing that secret services will disappear, but I am confident that
our digital communications and existence will move towards a realm of
real security.
[1] In this paper I use privacy in the sense of autonomy over
individual identity.
[2] For an analysis of the potential of Trusted Computing I refer to
my research paper: http://www.xs4all.nl/~avdwolk/coldcuts/ColdCuts/
Papers.html (forthcoming).
[3] Project Higgins, available at: http://www.eclipse.org/higgins/.
-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list
Index:
[thread]
[date]
[subject]
[author]