Computers, Privacy & the Constitution

Questions and Discussion

Privacy Guarding Post Office?

Even though the 4th Amendment is pretty much dead because it gives no protection to identities, Eben mentioned that savvy individuals could overcome or evade the invasion of privacy through methods of self-created privacy and pseudonymity. When it comes to purely digital exchanges in the network society, these tools include encryption and the like, but is there a ready analog to prevent the linking of network and physical-world activities? Obviously, if digital cash had succeeded, it would be much easier to de-link one's online and offline activities, since credit card information and shipping addresses (in the case of online shopping) can be accessed with a subpoena blank.

However, would it be possible to establish something like a private post office/purchasing agent? For the sake of this example, let's call it the Privacy Guarding Post Office (PGPO). The idea would be that customers would put money in an anonymized account (through some simple encryption) that would generate temporary credit card numbers for use online (and probably with the PGPO listed as the purchaser for credit reasons), such that any tracking would only lead back to the PGPO, which would retain no personal data whatsoever. Any products that would be shipped to customers of the PGPO would be mailed to a "P.O. box," again determined through encryption methods and possibly re-routed internally or from office to office to further anonymize the pattern of delivery. Ideally, such a system would be engineered such that the PGPO retains no knowledge of the customers' identities or the contents of their activities.

In terms of weaknesses, I anticipate that there could be significant transaction costs that might make the service too expensive to attract a sufficient customer base to meet even its fixed costs of operation. After all, as Google has readily shown, people don't mind selling their rights for a nickel. However, if there are enough people who value their privacy, that might not be the biggest issue. The more likely weakness is that such an institution would drive the state (and especially national security people) insane, and the institution would not survive the need to inspect the contents of delivery (for fear of terrorism and child pornography—after all, why else would you use such a service?). Of course, the last point is precisely why the 4th Amendment is probably going to stay dead: the exceptions have swallowed the rule.

-- RickSchwartz - 16 Feb 2009

Another issue I find, when pondering such a system, is how one would validate their identity without having submitted any identifying information. This could potentially lead to issues of making it easy to steal money from accounts, since the "owners" might not be able to convincingly prove it is their own. Remembering that even the "anonymous" Swiss Banks store customer information, would it be a partial solution to have minimal records on file, but located on servers outside the country? (I am only marginally familiar with international law, but I imagine it would be at least somewhat more difficult for the US government to obtain access to such records.)

-- JonathanBonilla - 27 Feb 2009

Jonathan's comment brings up the importance of the difference between authentication and identification. Authentication really only requires proving access, while identification requires proving that you are a given person, which goes to show that you have access. It is perfectly easy to remove the step in a given system of needing to determine which human being is the one requesting access. For example, E*TRADE hands out these RSA key generators when you sign up for an account; such a device could easily be employed with a bank account if people thought them secure enough. The point about identification vs. authentication is crucial though; people are trained to assume that identities are proof of something when it is the right of access that is important.

-- RickSchwartz - 27 Feb 2009
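The authentication-versus-identification distinction in Rick's reply, together with the identity-free account sketched for the PGPO above, as an added example that is not code from the page or its authors: a server that verifies possession of an RFC 4226 HOTP key generator (the E*TRADE-style fob) against a random opaque account id and stores no name or address at all. `TokenBank`, `Token` and the constructed test secret are assumptions of this example.

```python
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class Token:
    """Customer-side key generator: holds the shared secret and a counter, nothing else."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._counter = 0

    def next_code(self) -> str:
        code = hotp(self._secret, self._counter)
        self._counter += 1
        return code


class TokenBank:
    """Server side. Each account is an opaque random id mapped to a token secret, a counter
    and a balance; there is no name, address or other identifier on file to subpoena."""

    def __init__(self, look_ahead: int = 3):
        self._accounts = {}
        self._look_ahead = look_ahead  # tolerate a few codes generated but never submitted

    def open_account(self, deposit: int, secret: bytes = b""):
        account_id = secrets.token_hex(16)
        secret = secret or secrets.token_bytes(20)  # caller-supplied secret only for tests
        self._accounts[account_id] = {"secret": secret, "counter": 0, "balance": deposit}
        return account_id, Token(secret)

    def authorize(self, account_id: str, code: str, amount: int) -> bool:
        """Proof of access: the submitted code must match one of the next few counters."""
        acct = self._accounts.get(account_id)
        if acct is None or acct["balance"] < amount:
            return False
        for counter in range(acct["counter"], acct["counter"] + self._look_ahead):
            if hmac.compare_digest(hotp(acct["secret"], counter), code):
                acct["counter"] = counter + 1  # burn this code and anything before it
                acct["balance"] -= amount
                return True
        return False

    def balance(self, account_id: str) -> int:
        return self._accounts[account_id]["balance"]


def demo() -> dict:
    """Walk-through using the RFC 4226 test secret (constructed input, so the run is deterministic)."""
    bank = TokenBank()
    account_id, token = bank.open_account(deposit=100, secret=b"12345678901234567890")
    first_code = token.next_code()  # counter 0 -> "755224"
    return {
        "first": bank.authorize(account_id, first_code, 40),    # valid proof of access
        "replay": bank.authorize(account_id, first_code, 10),   # same code again is refused
        "second": bank.authorize(account_id, token.next_code(), 10),  # counter 1 -> "287082"
        "unknown": bank.authorize("no-such-account", token.next_code(), 1),
        "balance": bank.balance(account_id),                    # 100 - 40 - 10 = 50
    }
```

The bank learns only that whoever submitted the code holds the token; recovering a lost token is exactly the problem Jonathan raises, and nothing here solves it.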


A New National Security Exclusionary Rule?

My last question implicated the rule-swallowing exception of "national security" as a justification for unlimited state access to any and all data it chooses to request. Given the political power behind this impulse and the calibration of the 4th Amendment to places, rather than identities, that exception seems likely to remain the real rule. Now, this may be nothing more than extremely wishful thinking, but one potentially politically feasible way to blunt the force of the exception might be to officially grant the state as much access as is necessary to achieve its national security objectives (since it would take that access anyway), but require the sequestration of all of that data within the national security agencies (a sort of reverse silver platter rule). This would require some form of legislation, possibly justified by the need for data integrity within that agency or a compromise for privacy (which liberals sometimes pay lip-service to before retrenching on their promises), such that there is an exclusionary rule once the data has been collected for national security reasons. Essentially, if the state chose to collect data for national security, it couldn't hand over that data to law enforcement personnel or use it in any other contexts, and any such data that could be shown to have been collected for national security would have the presumption that it was derived from that collection and therefore inadmissible as evidence. Such a rule would also encourage the state to be a lot more selective about which data it collects for fear of undercutting its other law enforcement objectives.

Of course, mere inadmissibility into evidence is not going to blunt the full potential force of data that has been collected, since the state can threaten autonomy without even reaching proceedings requiring the introduction of evidence. Furthermore, there would be little to no transparency to determine whether or not information sharing is actually occurring between federal agents, or whether the law enforcement personnel are getting "tips" from the national security personnel. And given Congress' willingness to sanction the invasion of privacy in the face of public outrage, it seems unlikely that such legislation would pass any time soon.

-- RickSchwartz - 16 Feb 2009

Some combination of prepaid visa gift cards purchased with cash and P.O. Boxes should be relatively effective at decoupling your online purchasing activities, no?

I like the idea of sequestering information obtained for national security purposes. But, as you acknowledge, even if that data can't be admitted during court proceedings or used for other official government adjudication, there are many ways in which it can still be misused. I think my biggest concern is that the data can be analyzed and then used to influence/nudge you towards making decisions that tend to benefit the established holders of power in ways that are not readily detectable. Spreading misinformation through social networks by identifying the most persuasive individuals within one's group of friends, for example, and bribing/threatening them so they become agents in the misinformation scheme. The scariest loss of autonomy is the kind that is least salient to the victims. That's what mass data collection and data mining enable.

-- AndreiVoinigescu - 17 Feb 2009

I vaguely remember Professor Mann saying that the reason why prepaid cards, etc. are not nearly as popular in the US as they are in other countries is precisely because the US government has squelched them at every opportunity. The DOJ did recommend putting more restrictions on prepaid cards within the Violent Crime and Anti-Terrorism Act proposed in 2007 (basically requiring you to fill out a report if you carried more than 10k on your card across the border), and probably other legislation I'm not aware of. Money laundering trumps privacy around here. So good luck with that as your privacy solution.

I think the exclusionary rule would be important in the confines of a trial, but I'm hesitant to say that no information sharing should ever occur. If I'm not mistaken, it was precisely that sort of Chinese Wall (Screen) that was later blamed for 9/11 and led to the establishment of the Dept of Homeland Security because agencies were not effectively communicating and were creating turf wars. I would say that this is still a problem. Example: When my dad went to get a security clearance from the Dept of Homeland Security, he was told they didn't have papers confirming his citizenship and asked HIM to send it to THEM. Problem? I think so. What that means is that if my dad gets questioned for anything one day, he could face who knows how long in some immigration detention facility (or worse) all because these fools can't even keep citizenship records straight.

-- KateVershov - 21 Feb 2009

I wouldn't be so quick to jump to the conclusion that the government's failure to possess and coordinate citizenship information on everyone currently or potentially within U.S. borders is such a bad thing, even if you were to grant a lot of leeway in accomplishing the professed security objectives.

For one thing, by assuming a valid need for access to information on everyone by any part of the state at any time, you necessarily justify unlimited increases in surveillance used to monitor the people who either intentionally or unintentionally avoid interaction with the government (e.g., illegal immigrants or people born within the U.S. who feel no need to get passports, who amount to something around 70% of the population based on my back-of-the-envelope calculations). This is the equivalent of switching from an opt-in to an opt-out (even though you can't really opt-out, so maybe a better term would be "you're-in") system of information collection and handling, which you might think is appropriate for "homeland security" purposes, but imposes huge costs on privacy because all of this information possession can be used to limit individual autonomy through whatever form of intimidation a cop or prosecutor or federal agent wants to apply, if given access to a you're-in system. An opt-in system, of course, could still exist and satisfy most homeland security objectives if the opting-in were merely some kind of activity that actually implicated some kind of security threat, rather than just sweeping everyone into the surveillance system at once. While the immense practical and logistical implications of collecting those amounts of data used to be prohibitively costly, today those costs are trivial, and consequently the state now has no natural backstop to prevent total information collection.

All this being said, as Kate's father's experience indicates, we are in the midst of that very transition from opt-in to you're-in, and are in a position to determine what happens in that transition. Regardless of whether or not the homeland security hawks get their way and the state is directly collecting all this information, the information collection will happen as it is already being done by private entities subject to subpoena. Our job is to figure out how it will be used. As I suggested, one way to keep the system limited in some respect might well be to impose these "Chinese Walls" and prevent information sharing that would enable the state's use of information beyond the "concededly valid" goals of homeland security.

-- RickSchwartz - 22 Feb 2009

I don't think Kate's point was that less than perfect coordination of data was a problem per se, but just that some data sharing is going to be necessary, particularly in the kind of state we are becoming. (Forgive me, Kate, if I got your point wrong.) The failure to have citizenship records is an excellent example of a place where you might want data sharing - this doesn't rule out Chinese Walls, but it certainly indicates, as you note, that there are places where having centralized information may be important.

I think Kate's other point is right on. Politically, what you are asking law enforcement, etc. to do is to become less effective for the sake of people's privacy. You can argue that the trade-off is too great, or that the agencies forced behind the screen would not actually lose effectiveness, but all it takes for a counter-argument is a single publicized event that could have been avoided by information sharing. I think it is too easy for the powers that be to point to a murder or child abduction and say, "we would have been able to stop this if we had access to more information." The dangers of the slow erosion of privacy are difficult to paint in such concrete and effective terms.

-- TheodoreSmith - 22 Feb 2009

I apologize if I gave the impression that I thought information sharing wouldn't increase the efficacy of government (and sometimes in desirable ways); I absolutely agree that such is the case. I was merely pointing out that enhancing government efficacy is something to caution against because of the floodgates such a rationale opens, though such a position seems to lack political power these days. Perhaps that lack of political or rhetorical persuasiveness indicates that this is the lever we ought to be pulling.

For example, how can we effectively communicate that the quantity of American lives lost to terrorism (3,000 lives lost on 9/11 + 400 in Afghanistan + 4,300 in Iraq averages out to about 1,000 per year) pales in comparison to the 750,000+ deaths per year caused by conventional medicine (of which around 100,000 are the results of drugs which may have been misprescribed because of our permissive attitude toward privacy)? Can we ever convince America to accept terrorism as an acceptable cost of freedom as we do with, to take a slightly more benign example, the 40,000 deaths per year resulting from automobile accidents? The national security cost-benefit analysis seems to be horrendously misperceived compared to policy areas like automobiles, where we easily accept these mortalities as an acceptable cost of the gained freedom and autonomy to go from point to point more efficiently. We could, but don't, eradicate this autonomy by banning cars and having a totally public transportation system created at incredible cost for the sake of saving lives and "increasing security." Freedom and autonomy both require accepting certain losses, and Americans lack either the desire or ability to comprehend the bargain in the case of national security.

-- RickSchwartz - 22 Feb 2009

I thank Theodore because he clarified my position perfectly. But, I would add that if the government were more efficient with the information it ALREADY has (and that information was available to various branches of law enforcement), much of which is not controversial, then perhaps there would be less of a need for new types of information to be entered.

Further, if the government did maintain adequate records, then some abuses could be avoided. Consider the TALON program as an example. TALON, a very large database containing records of US citizens who attended protests, among others, was maintained by the Air Force after 9/11. Among the many abuses of the database was the fact that the US Army also accessed and contributed to it. This is a major violation because the US Army is generally not allowed to conduct domestic surveillance or directly deal with US citizens in criminal matters. Yet it cannot be the case that we would ever accept an explanation from the army stating "oops, sorry, we didn't know you were a citizen." The flying blacklists that innocent Americans with the wrong names can't ever seem to get off of are another example. Governmental inefficiency should not be an ostrich-like ignorance defense to the violation of civil liberties. A government that simultaneously can't keep track of the basics, but that also engages in in-depth spying, is the most dangerous of combinations.

-- KateVershov - 26 Feb 2009


Do We Need a New Internet?

I don't know if people saw John Markoff's article, "Do We Need A New Internet?" in this weekend's NY Times, but I thought it was an interesting piece. Though not completely on topic (in terms of our discussion of the Fourth Amendment), it raises some interesting issues and questions that are worth thinking about. I'm interested to hear what people have to say about it.

-- AlexLawrence - 16 Feb 2009

I see the push for a New Internet more in PartOne terms than in PartFour terms: as an attempt to undo the gains in anonymity allowed by the Old Internet (with their positive and negative consequences).

-- DanielHarris - 17 Feb 2009

The threat from malware and botnets is definitely real and growing. It's facilitated in equal parts by anonymity and the public's general ignorance about the pedigree posed by the code they run on their computers, which (thankfully) remain open platforms. Jonathan Zittrain has proposed some potential approaches to dealing with malware that try to preserve the benefits of anonymity and open platform. While I think there's a certain element of romanticism to some of his proposals, he's probably asking the right questions. It's too early to throw in the towel on the substantial positives of anonymity and open platforms.

-- AndreiVoinigescu - 17 Feb 2009

My problem with this proposal is that it promotes the misconception of "the Internet" as some physical thing that can be used or changed, when I think we all understand by now that "the Internet" merely stands for the set of social conditions whereby instantaneous communication between any two computers is possible without intermediation, made possible by the universality of communication via TCP/IP and other protocols. There is simply no way to discard this set of social conditions now that the tools exist to implement them somewhere. What might occur is simply a permutation of the trend of consumers conceding freedom in exchange for perceived security, which will take the form of closed and opaque protocols, kept secret and proprietary so that people will be "safe" from malware. It will likely be an inferior product, collect untold amounts of private data, and further lock consumers into whatever service offers it first.

-- RickSchwartz - 17 Feb 2009

Rick - I don't know if the terminology point is so important though. It is very useful to talk about the Internet as a social condition, as Eben does; however, this article is using "the Internet" to refer to the physical structures and protocols that make the social condition of the Internet possible. I don't think this is wrong, though it is confusing. We really need two different terms; however, until we come up with better language, I don't feel like it is useful to say that the word can only mean one thing. We clearly need a word for the latter, and that word is currently "Internet," which is unfortunately the same as the common word "Internet."

-- TheodoreSmith - 22 Feb 2009

It's interesting that the terms of the debate are always put in all-or-nothing trade-offs. Either we keep the problem-laden, insecure, and ill-conceived "Internet" or we trade off open platforms, anonymity and privacy for "something better". There seems to be a bit of a disconnect in Markoff's piece. He moves from challenges to network security (like the Conficker story) and, in an unusual non sequitur, concludes that the libertarian ethos of anonymity and privacy built into the Internet's code is a big obstacle to addressing security concerns. But really, the problem posed by Conficker and the other anecdotes about botnets and malware have nothing to do with privacy and anonymity. They're the result of network software and operating systems badly written by people who care little about end-user security concerns. Sure, isolated incidents of hacking or informational espionage are network and national security challenges, but this happens not because of any inherent TCP/IP vulnerability or weakness, but network administrators not doing their diligence; or industry coders getting programs out on the market for consumption without properly locking things down for security purposes.

-- JonPenney - 23 Feb 2009

It's true. I think the all or nothing comes in when they look at the distributed anarchic network and try to figure out how to solve problems like security - it seems impossible, so they turn to the tried and true solution of making the whole thing "belong" to someone. It reminds me of a recent article about the prosecution in the Pirate Bay lawsuit trying to understand the structure of authority. The problem is that the question doesn't really even make sense, but when you have a culture predicated on ownership and hierarchy, the only way to solve these problems is to conceptually impose structure on the anarchic system.

Which I guess is why Rick is totally right about the language thing: using "internet" in terms of the physical and non-physical entities that make up the network gives it a concrete conceptual identity and makes it possible to ask questions like "who owns the internet." I mean, this question would still come up, even if we made up some other random term for the specific extant network ("who owns the 'puppyweb'"), but it might be less confusing? Maybe it would be more confusing, as I think most people don't use the term 'internet' to refer to a social condition ("the internet is down" is usually not making a statement about human communications). Maybe it would be more clear to abandon "internet" to the ravages of common usage and develop a new term for interconnectedness?

-- TheodoreSmith - 24 Feb 2009

I'd also argue that the all-or-nothing mantra is guided by prosecutors/law enforcement officers who are much like doctors: a cardiologist knows the heart and so assumes all of your problems can be fixed by fixing the heart; so, too, a prosecutor looks at malware and worms and assumes all of your problems can be fixed by law. As Lessig has beaten to death at this point: conduct on the Internet is informed by much more than law.

-- KateVershov - 26 Feb 2009

Ted: Agreed, though I suspect that abandoning "internet" for new language would leave it, and our interests in it, even more vulnerable to abuse.

Complete security is chimeric. Security will remain a concern in any system; and framing the debate in terms of how much freedom and privacy people must relinquish for security obfuscates that simple fact. But I guess that's the point, isn't it?

-- JonPenney - 06 Mar 2009




r16 - 05 Jan 2010 - 21:58:07 - IanSullivan
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.