[Dave Birch] The current issue of Scientific American has a special section about privacy (there’s a podcast with the editor here) and it made for a diverting read for me, because I tend to see privacy through the digital identity prism rather than from a wider (albeit still technological) perspective. So instead of thinking about privacy in “mechanical” terms — which digital identities are allowed to validate the credentials of which other digital identities and under what circumstances — I’ve been thinking about privacy in social terms and wondering if this different perspective leads to different conclusions about the way forward.

Scientific American puts forward seven “paths to privacy”.

1. A U.S.-specific point relating to the oversight of warrants for wiretapping.

2. A call to turn down the FBI proposal to make VoIP systems “wiretap ready” on the grounds that it would do more harm than good.

I’m not qualified to comment on these.

3. A call to end the secrecy around U.S. government cybersecurity initiatives, particularly with respect to widespread surveillance.

I think there is a general point here, because there’s no transparently obvious reason not to have proper discussion and scrutiny around these kinds of systems. It’s not a U.S.-specific issue, because exactly the same kind of big-ticket project is underway here as well.

Ministers are considering spending up to £12 billion on a database to monitor and store the internet browsing habits, e-mail and telephone records of everyone in Britain.

[From Government will spy on every call and e-mail – Times Online]

Apart from anything else, public scrutiny of these activities ought to lead to less money being wasted on ridiculous schemes that will never work.

4. A specific proposal to give people control of their medical information. I’m not sure whether this would be useful or not, since it wasn’t clear to me from the article what “control” means (or, for that matter, what “medical information” means).

5. A demand that the use of RFID tags be regulated. This seemed both too specific and somewhat out of place to me, but it’s because the magazine also includes a long article by Katherine Albrecht from the Campaign Against Supermarket Invasion and Privacy (CASPIAN). Katherine lists a number of reasons to object to the RFID tagging of consumer goods, but is too modest to mention her excellent DVD on the topic for Endtime Ministries, in which she warns us that RFID tags are the mark of the beast from the Book of Revelation. I don’t mean to single out Katherine, as there are lots of people (in the U.S., particularly) who feel that there is a Biblical basis for objecting to radio-frequency electromagnetic radiation for tracking things (but not optical-frequency electromagnetic radiation):

“Use of a numbering system for their premises and/or electronic numbering system for their animals constitutes some form of a ‘mark of the beast’ and/or represents an infringement of their ‘dominion over cattle and all living things’ in violation of their fundamental religious beliefs,” according to the farmers’ lawsuit filed Monday in U.S. District Court for the District of Columbia.

[From Farmers See ‘Mark of the Beast’ in RFID Livestock Tags | Threat Level from Wired.com]

6. A reasonable requirement for organisations to encrypt all of the data that they hold. Now, I remember, more than a decade ago, looking into a number of proposals for limited encrypted processing, which always seemed an interesting line of thinking to me. The central idea behind such techniques is that it is possible to perform some operations on encrypted data (e.g., addition and subtraction) without decrypting. I wonder if the steadily increasing power of PCs means that this is now a plausible strategy? I certainly don’t think that encryption delivers the right privacy balance in all circumstances:

California followed Washington State’s footsteps this week to become the second U.S. state outlawing so-called Radio Frequency Identification Device skimming… Still, California’s measure (.pdf) and the one Washington State adopted in March, don’t mandate any RFID encryption

[From RFID Anti-Skimming Laws Approved | Threat Level from Wired.com]

I’m not entirely convinced that regulation is the best way forward, since I have no evidence that regulators know what is the best trade-off for society as a whole, but the idea that you ought to need some sort of key or permission to read tags is probably not right. I want my washing machine to be able to read all of the clothes that I put in it and I don’t want to have to obtain keys from the manufacturers to avoid washing something at the wrong temperature.
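The "limited encrypted processing" mentioned under point 6 can be shown with an additively homomorphic scheme. This is an added example, not code from the original post or the magazine: the choice of textbook Paillier is an assumption (the post names no scheme), and the primes are toy values constructed for illustration.

```python
# Added illustration: textbook Paillier, an additively homomorphic scheme.
# Toy parameters constructed for this example; far too small for real use.
import math
import secrets

def keygen(p, q):
    """Build a key pair from two distinct primes; returns (n, private)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # valid because the generator is fixed to g = n + 1
    return n, (lam, mu)

def encrypt(n, m):
    """Encrypt integer m (reduced mod n) under the public modulus n."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1  # fresh randomness per ciphertext
        if math.gcd(r, n) == 1:
            break
    # With g = n + 1: g^m = 1 + m*n (mod n^2)
    return ((1 + (m % n) * n) * pow(r, n, n2)) % n2

def decrypt(n, private, c):
    lam, mu = private
    u = pow(c, lam, n * n)          # u = 1 + m*lam*n (mod n^2)
    return ((u - 1) // n * mu) % n

def add(n, c1, c2):
    """Ciphertext of m1 + m2, computed without any key material."""
    return (c1 * c2) % (n * n)

def sub(n, c1, c2):
    """Ciphertext of m1 - m2 (mod n), computed without any key material."""
    return (c1 * pow(c2, -1, n * n)) % (n * n)

def decode_signed(n, m):
    """Map a residue mod n back to a signed integer."""
    return m - n if m > n // 2 else m

if __name__ == "__main__":
    n, private = keygen(1009, 1013)             # constructed toy primes
    c1, c2 = encrypt(n, 1200), encrypt(n, 345)  # data holder encrypts
    total = add(n, c1, c2)                      # processor sees only ciphertext
    diff = sub(n, c2, c1)
    print(decrypt(n, private, total))                    # 1545
    print(decode_signed(n, decrypt(n, private, diff)))   # -855
```

The party calling `add` and `sub` needs only the public modulus `n`, so it can compute on the values without being able to read them.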

7. A suggestion that privacy and privacy risks be included in children’s education. This, I think, is a really good idea. We need to explain to kids that Facebook, IM, MySpace and WoW are fantastic new spaces for communication and connectivity, but that it’s easy to make mistakes.

Having read through the articles, I’m not sure if my opinion has changed that much. I remain convinced that a proper digital identity infrastructure could provide a platform for building systems that have privacy as a fundamental characteristic. The one area where I did think “that’s a good idea” was in the last point about education, where finding new ways to explain privacy would be helpful: hopefully, this will be one of the things discussed at tomorrow’s Enterprise Privacy Group Forum!

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public

