Security

The privacy covenant is an illusion: How to regain control

Agreement to share information in exchange for protection or services has become an irrelevant formality. Wouldn't it be nice if we could claim enough of a position of strength to make our choice to give or withhold consent a meaningful decision?

Free speech suffuses the American technologist's conception of the Internet. Startup founders grow into megacorporate information era tycoons who operate on the basic premise that their job is to facilitate communication, generating revenue on the backs of their sites' users by selling those users' information to advertisers. At the root of all this, if you press them hard enough, is always something akin to the concept of free speech. Whatever they observe, they can share freely. The end result is that privacy, for these people, is not real; it is a fantasy, an illusion, utterly obsolete in the information age. While Facebook founder Mark Zuckerberg is in many ways the poster boy for this attitude, Google is more fundamentally its embodiment on the Internet.

This approach stands in marked contrast to the typical governmental attitude toward privacy. While agents of government policy may express sentiments in private conversation that are quite similar to Zuckerberg's famous dismissals of privacy, their approach to privacy is typically much more insidious and unnerving. Where Google expands its influence so that it can cast its net ever more widely to catch whatever crosses its path and catalog it for future use, government regularly engages in activities that border on the outright illegal, and sometimes even cross that border as in the case of the Bush administration's NSA wiretapping scandal.

The justifications for these two different approaches to sweeping privacy aside in the pursuit of information-gathering goals are not immediately similar. Google, Facebook, and others provide terms of use and privacy statements to people signing up for memberships on their sites, designed to get people to agree to let these corporations do whatever they want with information provided to them. They then use the argument that people have voluntarily and willfully provided that information as justification for their actions. By contrast, government tends to simply wave all that away; consent is irrelevant, because the urgency and importance of its activities override any privacy concerns that might restrict its actions. Quite often, such activity is in service of the War on Terror, the War on Drugs, the War on Piracy or some other "War" that, according to the agents of government policy, "requires sacrifice" from the citizenry.

Underlying both of these justifications for gathering and using information in ways that might shock and offend the people whose information is being gathered and used is the presumption of a covenant between the two parties.

In the case of corporate information gathering, there is held to be an implicit -- sometimes explicit -- agreement that in exchange for providing information to be used as the gatherer sees fit, certain services will be provided that benefit those whose information is used. In fact, providing that information one way or another is often a critical part of the business model, a necessary part of providing some of those services.

In the case of governmental information gathering, there is held to be an implicit "agreement" of sorts, never explicit, usually not voluntary or willful in any sense at all, but held to exist by virtue of a collective social contract. That agreement is irrevocable, and presumed to exist from the moment of birth; that government is the parent, we the children, and prying into our private lives is something mommy does for our own good. Once again, an exchange is assumed to occur, but the connection between what the citizenry gives up (or, more accurately, what is taken from the citizenry) and what is supposedly provided in return (security, freedom, and social welfare) is far more tenuous and suspect. This less-clear status of a return on involuntary investment is counterbalanced by the public perception of the dire necessity and rightful authority of government.

The covenant is key, in either case. Without the assumption of that covenant, none would stand for the circumstances that have evolved. Even with the presumption of agreement in place, many individuals object.

The result is an opt-out world. We are essentially born into a world where we are assumed to agree to everything, initially, and must explicitly retract that agreement to escape its consequences. Of course, by that time some damage has already been done. There is, as they say, little point in crying over spilled milk; the question we face is what to do now.

The cypherpunks of the 1990s had it right. The proliferation of privacy technologies that lie in the sole control of their users is the only guarantee anyone has of privacy, apart from the unreasonable options of self-imprisonment or self-exile. Great strides were made toward that proliferation in the '90s, and a key event was Phil Zimmermann's creation and legally risky distribution, in 1991, of an encryption tool called Pretty Good Privacy, abbreviated PGP. The legal risk that applied at the time was the US government's classification of strong cryptography as a "munition" under its export regulations, which made putting PGP on the Internet for anyone in the world to download a potential export violation.

Since then, encryption has become ubiquitous, and necessarily so. Banks, IRC servers, mail servers, and even Wikipedia, "the free encyclopedia that anyone can edit", offer encrypted connections for authentication and communication. A number of factors have played into this, not least of which is the growing need for basic security when people conduct their online lives. We have still not reached anything like the cryptopia the cypherpunks of the 1990s envisioned for the future, however. HTTPS, which is HTTP carried over TLS and the dominant form of Web encryption in our time, is only as trustworthy as the weakest of the many "certificate authorities" a browser trusts: any one of them can sign a certificate for any domain, so a compromised, coerced or careless CA lets a third party impersonate a site and read traffic that the padlock icon claims is protected from eavesdropping; most people never use the OpenPGP and S/MIME protocols to keep their digital communications private; and many of the privacy technologies provided in the most popular software applications in the world are considered laughably weak by cryptographers and other security experts.
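As an added example, not code from the original article, here is the kind of user-controlled check that takes the certificate authorities out of the trust decision: instead of accepting whatever a browser-trusted CA signs, the user pins the SHA-256 of the site's SubjectPublicKeyInfo (the format HPKP and Chromium's preloaded pins use) and compares the presented leaf certificate against that pin. The certificates below are constructed in-line as structurally valid DER with placeholder key bytes; they are not real keys and are not signed by anyone. In practice the DER bytes would come from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import base64
import hashlib

# --- minimal DER helpers (enough to walk an X.509 Certificate, RFC 5280 s4.1) ---

def der_tlv(tag, content):
    """Encode one DER TLV with a definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + content

def read_tlv(buf, pos=0):
    """Decode the TLV at buf[pos]; return (tag, content, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                   # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def extract_spki(der_cert):
    """Return the raw SubjectPublicKeyInfo TLV from a DER-encoded X.509 certificate."""
    _, cert, _ = read_tlv(der_cert)      # Certificate ::= SEQUENCE { tbsCertificate, sigAlg, sig }
    _, tbs, _ = read_tlv(cert)           # tbsCertificate ::= SEQUENCE { ... }
    pos = 0
    tag, _, after = read_tlv(tbs, pos)
    if tag == 0xA0:                      # optional EXPLICIT [0] version
        pos = after
    for _ in range(5):                   # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(tbs, pos)
    tag, _, end = read_tlv(tbs, pos)     # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("malformed certificate: SPKI is not a SEQUENCE")
    return tbs[pos:end]

def spki_pin(der_cert):
    """base64(SHA-256(SPKI)): the pin string the user records for a site."""
    return base64.b64encode(hashlib.sha256(extract_spki(der_cert)).digest()).decode("ascii")

def pin_matches(der_cert, pins):
    """True when the leaf key is one the user pinned; which CA signed it is irrelevant."""
    return spki_pin(der_cert) in pins

# --- constructed sample certificates: valid DER structure, placeholder keys, no signatures ---

RSA_OID = der_tlv(0x06, bytes.fromhex("2A864886F70D010101"))          # rsaEncryption
SHA256_RSA_OID = der_tlv(0x06, bytes.fromhex("2A864886F70D01010B"))   # sha256WithRSAEncryption
SIG_ALG = der_tlv(0x30, SHA256_RSA_OID + der_tlv(0x05, b""))

def fake_spki(key_byte):
    """SPKI whose BIT STRING is a repeated placeholder byte instead of a real RSA key."""
    alg = der_tlv(0x30, RSA_OID + der_tlv(0x05, b""))
    return der_tlv(0x30, alg + der_tlv(0x03, b"\x00" + bytes([key_byte]) * 64))

def fake_name(cn):
    """Name ::= SEQUENCE OF RelativeDistinguishedName, with a single commonName attribute."""
    cn_attr = der_tlv(0x30, der_tlv(0x06, bytes.fromhex("550403")) + der_tlv(0x0C, cn.encode()))
    return der_tlv(0x30, der_tlv(0x31, cn_attr))

def fake_cert(issuer_cn, subject_cn, spki):
    """Assemble Certificate { tbsCertificate, signatureAlgorithm, signatureValue } (unsigned)."""
    validity = der_tlv(0x30, der_tlv(0x17, b"240101000000Z") + der_tlv(0x17, b"250101000000Z"))
    tbs = der_tlv(0x30,
                  der_tlv(0xA0, der_tlv(0x02, b"\x02"))   # version v3
                  + der_tlv(0x02, b"\x01")                 # serialNumber
                  + SIG_ALG
                  + fake_name(issuer_cn)
                  + validity
                  + fake_name(subject_cn)
                  + spki)
    return der_tlv(0x30, tbs + SIG_ALG + der_tlv(0x03, b"\x00" * 17))

SITE_KEY = fake_spki(0x42)
ORIGINAL_CERT = fake_cert("Trusted CA", "example.com", SITE_KEY)
REISSUED_CERT = fake_cert("Some Other CA", "example.com", SITE_KEY)       # same key, different CA
ROGUE_CERT = fake_cert("Some Other CA", "example.com", fake_spki(0x99))   # CA-minted, attacker's key

PINS = {spki_pin(ORIGINAL_CERT)}   # what the user recorded on first contact with the site

if __name__ == "__main__":
    print("same key, reissued by another CA:", pin_matches(REISSUED_CERT, PINS))  # True
    print("well-formed cert, wrong key     :", pin_matches(ROGUE_CERT, PINS))     # False
```

The pin survives a legitimate re-issue by a different CA because the key is unchanged, while a certificate for the same name minted by any CA for a key the site does not hold fails, no matter how trusted that CA is. The caveat is operational: the user now owns the trust decision, so a key rotation the user has not recorded looks exactly like an attack, which is why deployed pin sets carry a backup key.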

The key to establishing and maintaining any kind of real privacy is the deployment and use of privacy technologies that users control. This requires educating the public so that people start actually caring about their privacy. This also requires development of such technologies, not only so that they work, but so that people will use them. It additionally requires the forbearance of organizations with a vested interest in preventing that proliferation of privacy technologies and the power to enact their will; government, for instance, must back off its anti-privacy laws that make it nigh-impossible for people to get away with effectively protecting their own privacy. The "guilty until proven innocent" approach government takes to deciding when it is justified in using the law as a truncheon to punish those who just want to keep their mouths shut about their personal business has a chilling effect on how people view their own privacy. Its laws against the free development and distribution of such technologies may be even more difficult for society as a whole to overcome.

The privacy covenant in the information age -- the supposed agreement that we only give up privacy to the extent we desire, and only in exchange for something of equal or greater value -- is indeed an illusion. The truth of the matter is that anyone in a position to gather information is more likely than not to find a way to (self-)justify getting it, by hook or by crook, whether we want that person to have it or not. Our only hope for regaining any control over our privacy is to enforce it by the only law we have at our disposal: technology that the user controls. This means open source encryption software, more often than not, as a key part of the package.

It also means that the single most important thing we can do to change government policy so that our privacy may be protected is not to establish restrictions on searches and seizures, such as limitations on wiretap power. It is to simply get government to back off its regulation of privacy technologies. If you are a pro-privacy activist, the lion's share of your efforts should undeniably be directed at encouraging development of privacy technologies under the most open licenses possible and at eliminating any law on the books that restricts the creation and distribution of such technologies.

If we can do that, we can start thinking about how to get everybody on board with the idea of actually taking reasonable steps to protect their own privacy. Once that is underway, we can finally re-establish a privacy covenant with those whose best interests are served by learning everything about us, this time with the tools in our hands necessary to enforce that covenant.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

37 comments
santeewelding

Just how serious are you, re, "social contract", and how any one of us *is* with respect to the rest of us; and, the rest of us, with respect to any one of us?

l_e_cox

All I'm saying is, in this world it takes a lot more than a thorough understanding of encryption technologies to maintain a workable degree of privacy. Our basic concepts of privacy, knowledge and human interaction are being revised as a result of various technical innovations. These innovations are not only happening in the IT sector, though IT is a key component. These innovations are also happening in physics, in genetics and microbiology, in nanotechnology, and in the "fuzzier" areas of psychology, and what has been known in the past as "psychic phenomena." These innovations are leading us into a whole new reality about what an individual is capable of being aware of. Example: Traditionally it is considered that our own thoughts belong to us. But now it is being discovered that we actually "broadcast" our thoughts as we think them, and that technology could exist that would allow others to "read" them. It is rumored that such technology has already been developed and is being used secretly by irresponsible people. There is also information in the public domain about how to train a person to accomplish such things. However this may be, the point is that this is an aspect of life whose underlying assumptions are shifting under our feet. Public awareness is key. But the stakes are higher than merely our personal perceptions of having private lives. Irresponsible use of these new technologies could lead to whole new methods for enslaving people. It is not just our privacy that is at stake, but our entire sense of what it means to be free.

Cynyster

While I am certainly not an encryption expert (in fact I am a newbie), there needs to be some standardization in encryption technologies. If not in the algorithms, then in the software that handles them. Just look at Symantec... they just outright purchased both PGP and Verisign, supposedly the two most respected encryption companies out there... and lo and behold they do not support 64-bit OS or MS Office, and none of the 3 big web-based e-mail providers can even handle digital signing (i.e. S/MIME), so unless you want to send secret love notes to your mistress, you may as well not even bother.

littlepitcher

Privacy protection is now as obsolete as 1984's title, and as relevant as its content. PGP became obsolete when Google went after books. How does one use a code when Big Brother has the codebooks? Dual-layer recoding in a second language became obsolete when translation became automated. AES encryption is dead, digital phone encryption is dead, and opting-out of Java is moribund. In theory, we can protect our privacy by going Luddite, but the postal service and Google Maps don't like that idea. Time is coming when the only way to protect privacy will be to have two or more distinct identities, and protect them legally, something which will make them available to government and the representatives of crime families who are rapidly taking over the bureaucracies.

JCitizen

Let us keep it up! I am assuming Chad is attacking the problem directly by promoting the technology for us to take control of our own privacy, by technological tools; and doing this as an individual, the most effective means to now take individual control of our privacy data and lives. Another means I've used is by lobbying through Consumers Union. We have quite a bit of power with the Washington set. Lobbying seems to be the only language congressmen understand. So be it - I and our large member set shall club them on the head with it, if necessary! I am not saying Chad is excluding this as another tactic, quite the opposite, I should think.

apotheon

I suppose I might look like a pessimist, writing articles like The Privacy Covenant is an Illusion, but it strikes me as an act of unbounded, utterly unrealistic optimism to think that enough people care to make it worth my while to write such articles.

AnsuGisalas

Now, please wear this tin foil hat... your thoughts are invading my privacy. Mental trespassers will be shot!

seanferd

There are so many things, privacy-related and otherwise, with webmail, that I'm surprised that anyone remotely concerned about their mail would use it. And if you want encryption, why use a closed-source proprietary option?

apotheon

Verisign bought its "respect"; it didn't earn it.

seanferd

You have a laundry list out of which you have attempted to build sentences. It didn't work. PGP is dead because Google "went after" books? What does that even mean?

AnsuGisalas

Open source cryptography doesn't rely on the secrecy of its "code book"... Chad has written a mess of articles about that, maybe he'll give you some links so you can educate yourself. Or you can search for the articles all by yourself.

AnsuGisalas

There is a need for lobbying, after all, legislation is now part of the problem - legislation is needed for it to stop being that, at least. The EU has pretty tight rules on register combining... that could be a place to start.

AnsuGisalas

The more they take our privacy, the less we get it... they're only getting started on robbing us, believe you me! The less we "get it", the more they take our privacy. So, step one is to get it. Got it? Good! Next, do something about it.

Professor8

The problem is that no consent is possible. "Agree to allow us to violate your privacy these ways, or nothing." is not voluntary informed consent. There is no negotiating. There is no opportunity to say, "I hereby generously allow you to use this limited information for this specific purpose for this amount of time, at which point it must be removed from all servers and back-ups. It may not be combined with information by, from or about me from other sources."

AnsuGisalas

Ultimately, writing to change minds, even to arm ready minds for a certain cause, is propaganda. Nothing wrong with that, it's only been given a bad name by the ones who prefer the status quo; which at any one time happens to be the ones with the most ill-gotten loot. Keep forging those bullets, Chad. You do it well.

seanferd

And I appreciate that it is you, at least for now, because you execute so well. Unfortunately, I'm just one reader, and a choir member already. The common (mis)usages of social security numbers (against the stated rules no less) pissed me off as a young child. I've been pretty disappointed and not so optimistic for a long time. I'm really not thrilled with entities which are too big to care, and nothing is improving. The govs and corps take more liberties with regularity and gusto, and people who might even care about privacy and self-determination have little time or room to fight for their supposedly inalienable rights because the economic sphere has grown and been engineered that way. I suppose I'm not always so pessimistic, but my optimisms are guarded.

Sterling chip Camden

... I doubt he pictured it as a choice between analyzing three pages of legal nonsense or just giving in and clicking an "Accept" button.

apotheon

. . . with mind bullets? Full mental jacket?

apotheon

I appreciate it. I don't really have anything else to add at this moment, I guess.

apotheon

The IRS uses the SSN for a mostly-mandatory Tax ID number. How screwed up is that?

I'm actually a bit of a cynic.

cynic (n.): idealist who has replaced optimism with the ability to learn

This is probably the fourth definition of "cynic" that I've invented in the last decade. For this one -- you saw it here first.

(I always appreciate the, err, appreciation. Truly. Thanks for reading and commenting.)

apotheon

Wheat's your problem, man?

AnsuGisalas

like a brainful of brute, crass chaff. ;\

apotheon

I intentionally avoided that one.

apotheon

Unfortunately, that ship has sailed.

seanferd

The SSN should never have been used for anything but SS.

seanferd

Some Sarmatian backup, then.

AnsuGisalas

Of course, I'm thinking of Inquisitor/Ombudsman-type inspection of Corporate and Government registries alike... "I find your lack of hashing ... disturbing" But I'm like that; I like the thought of an entity to put righteous fear into the hearts of the powerful. I like to think it can preemptively remove problems.

apotheon

> However, there should be a legal requirement not to use the SSN directly to identify data belonging to that person, it should always be hashed so that, while uniquely identifying that person within that database, the numbers from different databases won't match. That kind of law implies too specific an assumption about how data will be used. Rather, I would say there should be legal consequences to not protecting the SSN that way where it constitutes a security concern -- probably by way of lawsuits or even negligent facilitation of criminal acts. Hey, if Napster can be considered culpable of the behavior of others because its technology implementation facilitates bad behavior without a specific law that applies, I don't see why mismanagement of SSNs shouldn't have the same effect.

AnsuGisalas

That's what it is, after all: A coordinate or address. However, there should be a legal requirement not to use the SSN directly to identify data belonging to that person, it should always be hashed so that, while uniquely identifying that person within that database, the numbers from different databases won't match. They already require that for research databases with say health information on private persons over here.

apotheon

I agree with everything you said here, except the idea that the SSN should be treated like a public key. It should be more akin to a username -- suitable to identify, but not to authenticate that identity.

apotheon

I try to avoid Scythians.

NickNielsen

*cynic*, n. A blackguard whose faulty vision sees things as they are, not as they ought to be. Hence the custom among the Scythians of plucking out a cynic's eyes to improve his vision.

AnsuGisalas

That's how I see it. The problem with the SSN seems to be that it was made (dishonestly, perhaps) to be a sacred number, almost like a friggin' signature, so it's hyperpotent, like a magic wand with no safety pin. It needs to be recast - basically they have to admit that it's just a number, and a number that's going to be semi-public, meaning that all the uses for it have to be secured. No more using the SSN in lieu of a signature or mark of consent. That process of bolting down the hatches would be fun to watch; it'd be like a little Y2K scramble, but with significantly less IT-aware people involved in bug-finding.

seanferd

I do believe it fits. Yes, the IRS. How nice it is to be able to violate the law for supposed purposes of pragmatism. The IRS' usage is also what made it "OK" for a lot of other organizations to do so, because, well they had to, then. And hey, you're welcome.
