No-one should think this stuff is easy

Written by

Posted on Leave a comment

[Dave Birch] I’ve repeatedly said that I want the laws of mathematics and physics to protect my personal data, not to rely on the laws of the UK (or anywhere else). This is for two reasons. For one thing, I’m not confident that the people making the laws know what they’re doing (they tend to be lawyers and politicians rather than engineers or scientists). For another thing, there’s no reason to expect that the cold, hard distinction between 1s and 0s that builds the virtual world is suitable to manage the ambiguities of the legal world. Thus, even if a law is set out correctly, that doesn’t mean that it will never be replaced or altered in a perverse way. The oldest law still on the books in our United Kingdom is the Distress Act of 1267 (which outlawed private feuds, forcing people to go to court for redress in civil disputes) but not many laws have made it through eight centuries. Things change. But even if the law is right and on the books, that doesn’t mean it will be interpreted as intended. At the eema European eIdentity conference, I noticed that the Chief Privacy Officer for the Department of Homeland Security referred to the US Privacy Act of 1974 as one of the inputs to their policy. But,

The Privacy Act of 1974—the law designed to protect your rights as the government collects, uses, and shares your data—fails to consistently protect of citizens’ privacy because circuit courts disagree on how to interpret its language.

[From PolicyBeta – Blog Archive – A Remedy for Every Wrong? Why We Need a Consistent Privacy Act]

This illustrates my point. My personal data should be protected by cryptography, not by the vagaries of judicial interpretation.

The idea that cryptography rather than good intentions should be the source of public confidence in a system handling personal data is central to what I’ve taken to calling Post-Modern Privacy (or PMP). But it’s not just that cryptography should be used, it’s that it should be open. The security of personal data should be based on the security of keys, not on secrecy or proprietary technology. The specifications for, for example, a national ID card, should be published, open and subject to peer review and revision: that’s the way to generate confidence in a scheme, not meaningless, soothing waffle from politicians.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

,

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this:
Verified by MonsterInsights