[Dave Birch] The equation, in this case, being sum(security+privacy)=rand(). Now, while you might argue that it is at least possible that there is some more complicated mathematical expression that may relate the two in some way, I think I’m coming round to the opinion that we should treat security and privacy as entirely uncorrelated from the point of view of system specification and design. Apart from anything else, it’s why I think we should decouple the concept of the national identity register (which is about security) from the concept of the national identity card (which ought to be, but isn’t, about privacy). It’s also the reason why any statement (in particular, any government statement) about giving up some privacy in order to obtain security seems so empty, and why technology could deliver so much more than many people imagine.

The concepts of privacy and security are related, of course, but not as a sum. The relationship is asymmetrical: you can have security without privacy, but you can’t have privacy without security. You can, of course, have neither security nor privacy, but we were going to stop carping on about government identity management “strategies” for a while.

What I mean is that if you do not have a secure system, then privacy will always be compromised eventually, as MySpace has learned to its cost. It transpires that perverts have been able to look at private photos that children (and, in fact, anyone else) have posted for their friends’ viewing only:

The flaw exposes MySpace users who set their profiles to “private” — the default setting for users under 16 — even though MySpace’s account settings page tells users, “Only the people you select will be able to view your full profile and photos.” [But] anyone — even those without a MySpace account — can plug the target’s public account number, called a “Friend ID,” into a specially constructed URL that grants access to those photos.

[From MySpace Bug Leaks ‘Private’ Teen Photos to Voyeurs]
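The flaw in the quoted report, sketched as an added example (not MySpace's code and not part of the original post): a photo lookup keyed only on the public Friend ID, beside a version that enforces the privacy setting server-side and issues an HMAC token bound to one viewer. The profile store, the function names and the session-supplied `viewer_id` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: profile 1001 is private with one approved friend.
PROFILES = {
    1001: {"private": True, "friends": {2002}, "photos": ["beach.jpg"]},
    1002: {"private": False, "friends": set(), "photos": ["logo.png"]},
}
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients


def photos_by_friend_id(friend_id):
    """Flawed pattern: the public ID in the URL is the only thing consulted."""
    return PROFILES[friend_id]["photos"]


def may_view(viewer_id, owner_id):
    """Privacy rule: public profile, the owner, or an approved friend.
    viewer_id is assumed to come from the authenticated session (None if absent)."""
    profile = PROFILES[owner_id]
    return (not profile["private"]) or viewer_id == owner_id \
        or viewer_id in profile["friends"]


def _mac(viewer_id, owner_id):
    msg = f"{viewer_id}:{owner_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_photo_token(viewer_id, owner_id):
    """Mint an unguessable token for one viewer/owner pair, only if allowed."""
    if not may_view(viewer_id, owner_id):
        raise PermissionError("viewer may not see this profile")
    return _mac(viewer_id, owner_id)


def photos_with_token(viewer_id, owner_id, token):
    """Hardened pattern: constant-time token check, then re-check the rule
    so that a token minted before an 'unfriend' stops working."""
    expected = _mac(viewer_id, owner_id).encode()
    if not hmac.compare_digest(expected, token.encode()) \
            or not may_view(viewer_id, owner_id):
        raise PermissionError("access denied")
    return PROFILES[owner_id]["photos"]
```

The token only makes the URL unguessable and non-transferable; the privacy guarantee comes from `may_view` running on every request.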

I’m sure that, at the time, using FriendIDs instead of some encrypted token or even (heaven forbid) certificates, seemed like a way of keeping the system simple and inexpensive. If society values privacy, it must raise the bar on security. Forum friend Stefan Brands understands this in a very profound way, which is why he has been working for so many years to develop a better way of dealing with security and privacy in the modern world.

U-Prove employs an ID token, a special kind of digital certificate that allows for minimal selective disclosure. The tokens can store all kinds of information, but users can disclose only the minimum amount of data required in any given transaction. They leave no unwanted data trails and permit both anonymity and pseudonymity.

[From Startup Plans to Solve Online Identity Theft, But Does Anyone Care?]

The Wired headline is certainly depressing (which is why someone e-mailed it to me!) but I don’t see the question in quite that formulation: whether individuals care or not isn’t the point. It is our duty to implement systems that give people the choice. If they don’t want privacy, that’s fine. But if they do, they should be able to have it without relying on goodwill, laziness or ombudsmen.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public.
