Sunday, October 14, 2007

Security or Transparency; different views of privacy

When it comes to dealing with private information, there are two paradigms that I hear espoused most frequently: secrecy and transparency. Those who favor the secrecy paradigm believe that information needs to remain hidden from others. People who subscribe to this paradigm tend to be those whom we would usually consider privacy advocates, and most of the writing you find on the topic of privacy comes from this point of view. Implicit in most discussions of the secrecy view of privacy is that information needs to be kept secret from all other parties.

It is easy to see how to support this view; people point to the tracking information held in government databases, marketing lists and nosey neighbors as evidence of the need for privacy. Stories such as how the Nazis used public records to track Jews are often used to show the dangers of government consolidation of private information. What is less clear is how the transparency paradigm works.

On the other side of this discussion is the idea that transparency may be the best way to deal with security. This is an interesting model since it relies on two things: acquiescence to power and belief in benevolent (or controllable) leadership. In this case the idea is that certain pieces of data need to be inspected as part of contractual obligations, legal mandates or national interests. In such situations, it isn't that the information needs to be protected from all viewers, but that the dissemination or use of that data beyond defined limits should be banned, or punished through civil litigation.

Some examples of these two views in action are Amazon.com and British Petroleum. Amazon.com has a large set of (sometimes onerous) remote access and data protection measures that are intended to protect the integrity of Amazon.com's intellectual property. Like many high tech companies, Amazon is concerned that anyone might access its data inappropriately and thus has erected major hurdles to accessing this information (hurdles that exist for those who legitimately want to access it as well).

On the other side of this discussion is British Petroleum. BP has decided to take some of its critical systems (like email) and have them hosted by third parties (making them far easier to access from a governmental and legal discovery standpoint). BP makes a compelling argument: any of these resources could be "discovered" through governmental powers or legal subpoenas, so spending money and resources to "hide" these assets is not very valuable. In their view, the benefit of implementing such protections is not worth the cost.

Clearly other organizations take a different view. What is interesting is that BP's view is a bit like other models we see. From Sun Microsystems CEO Scott McNealy's "You have zero privacy anyway. Get over it" to the explosion of social networking sites like MySpace, Orkut, Friendster and Facebook, it does appear that people feel OK posting online more of their personal information than would ever have been discoverable through general detective work.

When might this matter? This week it was discovered that the NSA sought to set up warrantless wiretapping of Americans. This isn't much of a revelation, since the White House has stated that this was done in response to the 9/11 attacks. For better or worse, most Americans accepted this as a trade-off of liberty for temporary security, but it now appears that this program was started before 9/11. This is a big shift from what we've heard before. Under the secrecy paradigm, this would be quite concerning: effort would be spent investigating and trying to change laws to roll back this system. On the other hand, if the transparency (or disclosure) paradigm had been the idea from the start, there would be no issue, worry or cost to such an action.

Some people might point out that the "transparency" view is really just a pretty package around the loss of privacy. I would point out that there are important distinctions in this view, though. Not all information becomes public; it is simply managed differently. Liability would apply to its abuse, while the efficient transfer of this information could facilitate the efficient adjudication of issues and protection of citizens. At the root of this view is the belief in differentiating what you want to hide, and in the benevolence of those who hold this information. Ultimately it's a matter of trust and accountability. Secrecy has always been about trust; the transparency paradigm shifts the thinking around trust from "me against the world" to "us against the others". Different organizations (and people) are choosing to act on each of these philosophies. Time will tell which works best for society.

Sunday, October 7, 2007

Third parties are like third wheels; rarely wanted.

Much of our communication these days is sent through third parties. Indeed, it's pretty hard to think of anything besides face to face communication (or passing notes in gym class) that doesn't go through a third party. I'd love to use the passing notes example as an analogy, but the fact is that it's only half the story. Most communications (landline, wireless and cell phone calls) pass through third parties. Those parties can monitor those communications (with varying levels of required legal permission). This isn't surprising, since most people know about things like wiretaps. What may be surprising is that in the case of electronic communications, not only can your communications be intercepted; in many cases they are also recorded and archived.

This came to many people's attention during the Kobe Bryant case. To give a quick refresher: investigators were combing through the alleged victim's text messages to see what she was saying to other people after the alleged incident. The same thing happens with emails.

At issue in each of these cases is the fact that communications are stored on a third party's server. The operator of that server may monitor those communications, archive them, or both. This means that those communications are legally discoverable and have a lower level of legal protection than other communications you may have. For example, what you say to someone in person is protected, since you can't be forced to incriminate yourself (5th Amendment), and recording a conversation between two parties requires the consent of both in many states. On top of this, the parties involved in such conversations might fight the discovery of such evidence, should it exist. Third parties, on the other hand, have less incentive to protect this information, and in some cases they actually have reason not to protect it. These reasons can be anything from wanting to maintain good relations with the government (which regulates their communications through licensing) to not wanting to endure the legal costs of protecting someone else's information.

In each of the presented cases, the take-away is that information that transfers through third parties is out of your control. Just like property (which is the paradigm the law uses for most personal information), once you give it to someone else (like a phone company or an email service) they have a different (lower) set of incentives to keep that information safe. You should always be aware that when you pass information through others, there is the chance that they may read, archive, or even change that information.

Monday, October 1, 2007

Cell Phones – Is that a locator in your pocket or are you just happy to see me?

Cell phones are nearly ubiquitous these days. Many of us carry them with us at all times and give little thought to how the technology works. I won't go into the legal differences between cell phones and land lines (there are drastically different legal treatments of the two technologies when it comes to tapping the "line"), but I do want to talk a little about cell phones as tracking devices.

You're probably used to your phone working wherever you go, and you have probably never given a lot of thought to the question of "how does the phone company know to make my phone ring no matter where I am?" Do they send that same ring out to every tower in all the cell networks in the world simultaneously? Of course not. So how does the network know where to connect your call? The answer is that your phone "pings" the network every once in a while. This ping (much like the computer networking term and the naval term it derives from) is a registration message sent from your phone to the nearest cell tower to let the network know you're there, so the phone company knows where to route your calls when they come in. What you may not know is that the phone companies keep these records. In effect they have a log of where you are, and have been, for years. In Ireland this has sparked a legal battle, though nothing of the sort has erupted here in the US.

Of course this information isn't all nefarious; it is necessary for the network to function, and it is now required by the US government. Thanks to E911 legislation, cell carriers are now required to be able to get the coordinates of a cell phone user who calls 911. Of course this technology is equally useful for locating users for other reasons, and it hasn't taken marketers long to see the benefits. McDonald's knows that no matter how much it spends on advertising, most of its sales come from people who see a restaurant and drive in (or through). This is partially why you see fast food restaurants everywhere and why you see competing restaurants near each other. Now think if you could contact those people and send them a message: "stop in the Burger King ahead and get a $0.99 Whopper".

Consumers are also being sold this technology. In some cases it's a mapping service; in others it's a set of personal tracking services. Many of these are sold to parents as a way to keep track of their children. In other cases people are using the technology so they can keep in touch with their friends (Mologogo, MSSLAM).

The take-away is that, whether you know it or not, your cell phone is always reporting where you are. This data is stored for an undisclosed period of time. You are also not able to have this data deleted or keep it from being collected (unless you turn your phone off). Since this data is sent at all times your phone is on, it provides a very descriptive record of where you are and have been. I've known more than a few privacy advocates who use pay-as-you-go cell phones and get new phones every month in order to diminish their traceability. This seems a bit extreme to me, though each of us will decide what level of privacy we want. Remember that since this is not considered your data (legally speaking), you should expect this data to be collected, and potentially sold. Some countries (like Germany) have enacted privacy legislation to allow users to request that their data be completely removed from a system (a current case deals with computer IP addresses). Of course this is in response to the European Commission's data retention requirements.