Engineering principles

[Dave Birch] Privacy and security aren’t additional extras, costly options for new system. They are (or should be) part of the fabric. You can choose how to implement systems in either a privacy-enhancing or privacy-reducing way. Take, for example, congestion charging. There are a couple of ways to do this: you could do it the way they do in Singapore, where you have a prepaid card that communicates via RF with an overhead gantry. When you go through a gantry, the system attempts to take a fee from the card. If the transaction goes through (it’s an offline purse transaction) then you’re on your way. If you borrow a mate’s car, you can take your card and put it in his car, no problem. But if you don’t have a card, or you don’t have any money on your card, then you get photographed. Alternatively, you can do it the British way. In London, all cars get photographed and then automatic numberplate recognition is used to try and work out who to charge. In many cases, it works and the correct account of a poor person is charged. I say poor person, because rich people register their Lambourghinis as taxis and avoid the charge

 

Cleangreencars has discovered that there are an unusually high number of luxury cars that have been granted the private hire designation, including two Maserati Quattroportes, three Maybach 62 and eight Rolls Royce Phantoms.

[From Taxi!? London luxury car owners register Maseratis, Rolls Royces as C-charge-free private hire vehicles – AutoblogGreen]

Incidentally, if you can’t be bothered to send your chauffeur round to register the Porsche as a private hire, you can always just leave the Belgian plates on it, because the supercomputer running the system is not connected to other supercomputers in other European countries…

 

I drove for 4 years in london with a german plate, many times in the zone (once it was introduced), never paying and my ex never got a ticket sent to her place in HH where the car was registered.

[From London congestion charge for foreign cars]

In fact, as that tax-avoiders’ handbook The Independent notes,

 

there are a number of ways to exploit the loopholes in this system as a private, law-abiding motorist if you are willing to be a little inventive.

[From Congestion charge loopholes: Now just learn the Knowlege… – Features, Motoring – The Independent]

Bit I digress. My point is that we have choices, and not building privacy-enhancing technology into a system is making a positive choice to have a data catastrophe at some point downstream.

This is why my natural inclination is to have privacy-enhancing technologies (PETs) at the core not only of the design of new system but of the paradigm that they are described and animated inside. However, I think that trying to explain why they should be at the core is getting to be a Sisyphean task. Clients are busy, they are trying to focus on the bottom line (as they see it) and they don’t see privacy as part of the customer proposition. And the PET solutions that I advocate are, let’s face it, a bit complicated: you need to know a bit about security, cryptography and communications and the like to begin to picture the possibilities. Hence, it occurs to me that for many clients who find the whole privacy thing just too complicated, it may be better just to shut up about the long-term benefits of privacy and just advise them to implement Microsoft’s Cardspace instead. Why? Well, because…

 

Microsoft to adopt Stefan Brands’ Technology

[From IdentityBlog – Digital Identity, Privacy, and the Internet’s Missing Identity Layer]

I’m looking forward to hearing how Credentica’s technology is going to be integrated into Cardspace and I just can’t wait to try it out.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]