[Dave Birch] I’m a fan of Privacy Enhancing Technologies (PETs), but I recognise that however much sense they make to individuals, they must make sense to organisations as well
. As this points out, they haven’t so far. Many PETs weren’t very practical to use even though they were technically-appealing to people like me. The dedicated, paranoid and perhaps even the criminal can surf anonymously with a little latency but as soon as you want to carry out an online transaction, sign on to a site, make a purchase, or otherwise (as the article nicely phrases it) become engaged online in a sustained way, you end up having to identity yourself. The people who take this seriously are serious about the weakest link: however vigilant you might be most of the time, it only takes one slip to ruin it and then the double-glazing web site has your mobile phone number. Doing anything about this — for most people — need both a lot more knowledge of the technology and the issues and a lot more work. And that has killed it before: online privacy was just too much work. And, anyway, the benefits of online privacy tended to pale in the face of immediate gratification needs, and greater conveniences, personalization, efficiency, and essential connectedness afforded by consent and trust. The privacy emphasis slides inexorably towards holding others accountable for the personal information they must inevitably collect about us, not PETs. This leads to a situation where for those people concerned privacy (which is not actually the majority of the population, whatever they may say in surveys) the realistic way to protect themselves is to essentially withdraw from society: electronic abstinence. I’m looking forward to discussing these issues at the Enterprise Privacy Group
next week and will report back with (I’m sure) some new ideas for getting over these barriers.
Technorati Tags: identity, privacy
So are PETs dead? Nothing more than a niche market for paranoids and criminals, or a public relations exercise to assuage specific customer fears and to build brand confidence (e.g. banks’ anti-phishing tools, web seals). I refuse to believe this, because the future for PETs is as part of the infrastructure, not applications. This infrastructure needs to sit underneath everything (such as the examples given int the article: from real-time passenger screening programs, to networked electronic health records to national identity systems) to work properly. If code is indeed law, then I want that code to be built with PETs from the ground up.
For this to happen, we need to get privacy taken seriously, especially in the government. System architects should be able to mention PETs without being thought of as pandering to terrorists and anarchists. It it entirely possible to build population-scale identity management applications with privacy protections in place (as I have often set out) but there is no funding or interest in using these technologies. I feel — perhaps incorrectly — that this is because the politicians and civil servants don’t understand the technology at all, so when you suggest taking a look at Privacy Enhancing Technology, all they hear is the “P word”. In their world, privacy is the enemy of security, whereas in my world it is not.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]