

Bruce Schneier: Privacy in the Age of Persistence - anuraggoel
http://www.schneier.com/blog/archives/2009/02/privacy_in_the.html

======
wmf
"Data is the pollution of the information age. It's a natural byproduct of
every computer-mediated interaction. It stays around forever, unless it's
disposed of. It is valuable when reused, but it must be done carefully.
Otherwise, its after effects are toxic."

I agree with this idea; that's why I prefer the regulation of data collection
and storage, rather than use. Allowing companies and governments to collect
massive amounts of data about people that they aren't allowed to use in
certain ways today is a ticking time bomb. This data is attractive to
criminals who aren't bound by laws anyway, and corporate mergers or changing
laws can retroactively harm privacy based on data that was previously
collected.

~~~
gry
I've been toying with a Creative Commons like service, one where as an
organization, you can choose the criteria which meet your privacy policy. This
would have a "visual vocabulary" akin to the CC badges or nutrition facts on
food for different privacy models. It seems like a missing component is
clarity and transparency when it comes to understanding the implications of
several facets: collection, storage, and use being the big three.

This paper by Irene Pollach [<http://portal.acm.org/citation.cfm?id=1284627>]
delves into some of the details and weaknesses in privacy policies and how
legalese can weasel out of a real policy.

Schneier's article makes me even more concerned about storage -- which I think
most people dismiss if the use argument is addressed.

I think a privacy vocabulary would be wonderful.

~~~
wmf
That sounds suspiciously like P3P. <http://www.w3.org/P3P/Overview.html>

Why did P3P fail and how can those problems be avoided in the future?

~~~
gry
I think P3P never gained traction in part because it was too early. I don't
remember in 2000-2002 people getting in huffs over privacy policies. They
weren't common then. Terms of use were -- deep linking policies. Heh.

One of the major P3P criticisms is the lack of enforceability. While say a
Creative Commons license is applied to a work, if a P3P "contract" was applied
to a site, how does one enforce it?

I think with the oversight a community provides (Facebook ToS is a recent
example), a community or communities could keep companies' policy _more_
honest. I'm currently formulating my thoughts on this; I'm not completely
versed in privacy nor previous attempts to clarify, add trust, understanding
and accountability, like P3P.

~~~
thwarted
I think it is wholly because it is unenforceable and unverifiable when it
comes down to it. P3P allows website owners to assert their privacy policies,
and some aspects of the TOS, in "machine readable" formats. This was supposed
to allow standardization to allow better filtering automatically when you
visit a site. You tell your browser you are only interested in sites that
"collect cookies for the purposes of aggregate data collection" and "don't
sell personal information to third parties", and the browser was supposed to
warn you, or change its functionality, based on your targets with the site's
claimed assertions. It doesn't work like that though, for the same reason the
Firefox bad certificate screen ended up being more annoying than useful: no
one actually cared about security more than using the site. It's easier to
override the settings and use the site. And you could never be sure, until
after the fact when it's too late because the information is already out
there, that the policy was ever followed or not.

And because of that and the way IE's default "internet zone" cookie policy
worked, you pretty much had to, as a website, assert policies that were
amenable to the IE defaults.

This would only work when there is significant competition between
interchangeable and interoperable sites anyway. Facebook asserts policies A,
B, and C, while Myspace asserts policies X, Y, and Z. Well, those policy
differences don't mean anything if I actually want to use Facebook because
that's where my friends are. Privacy policies are only a
differentiation point if the policies are different and the services are
exactly the same, which is actually impossible (and not really in the
individual sites' best interest anyway).

P3P has some use as a way to monitor the privacy policy and TOS on a site, and
have your browser notify you of changes. I don't think this is necessarily
better than what happened with Facebook TOS where someone was following it
closely, actually read it, and raised hell about it. There's an emotional
aspect tied to that, one that doesn't exist when your browser pops up a box
with a warning you just want to dismiss and get out of your way.

------
aneesh
This is a serious issue to consider, but one way we're _not_ going to solve it
is by trying to restrict data collection, or simply trying to hide our own
digital footprints. The latest Facebook ToS episode tells us as much. To
continue Schneier's automobile analogy, we're not solving pollution by
un-inventing cars, but by coming up with even better clean technology. Similarly,
reducing data collection doesn't seem to be a viable option; instead, we're
going to have to come up with better technologies for access control & data
anonymization.

~~~
culix
This is exactly why easy-to-use programs that can encrypt or anonymize your
data are good. People are willing to use something like Skype because it's
easy to set up and run. Want to call someone? Type in a phone number and hit
'call'. The average user doesn't know or care that their conversation is being
encrypted, but they benefit nonetheless.

I'm really glad to see programs like Adium, used by the majority of my OSX
friends, can encrypt conversations by default, and interface perfectly with
options like OTR ( <http://www.cypherpunks.ca/otr/> ). I've managed to
convince exactly one friend to use OTR - it's not an effective way to fix
things because most people don't care. Getting programs to have useful
defaults that protect you while still being easy to use is the key.

Now all we need is an open-source version of Skype ( <http://www.qutecom.org/>
? ) that joe-anybody can use on their phone :P

------
paulgb
Arguments for the importance of privacy seem to invoke either corruption (eg.
1984, or the Cardinal Richelieu quote) or the risk of error (eg.
misidentifying a suspect because they share attributes). These remind me of
the arguments used against artificial intelligence research. I see them as
problems that can be worked around, not as a basis for more privacy measures.

Instinctively I feel that privacy is important, but I can't find any solid
justification for the instinct. It bothers me slightly to know that I can be
tracked by cell phone signals or a public-transit swipe-card, but I couldn't
win an argument for the importance of privacy.

~~~
ible
While corruption and error are certainly major factors in privacy, there are
some things that are just private. I don't want people, even people I know and
trust completely, to know about the details of my sex life. Not because my sex
life is crazy and deviant, because it is private. I don't want to have clear
bathroom stalls, not because I'm doing something wrong or worry about someone
harming me, but because it is private. Voyeurism is an invasion of privacy, it
doesn't hurt people in any other way, but it is illegal, and should be.

In short, privacy is important because of the instinct you mention. The desire
for privacy is the reason for privacy. Privacy is like freedom, it is a basic
human desire and requires justifications to violate or remove, not to support.

~~~
paulgb
Thanks, this gives me some things to think about. I do have to wonder though,
is privacy really something inherently human, or are we conditioned by society
to require privacy for comfort? I do think it's the former, but I still have
to wonder.

------
lionhearted
Every time I read something by Schneier, I'm impressed with just how well he's
able to put things. He's somehow able to impart the gravity of things without
coming across like he's fear-mongering. I wonder how he's able to write so
eloquently and accessibly on security, which is usually hard to do - I'd like
to be able to write that well.

~~~
TaraK
Agreed. He knows the material intimately, so can speak to it with ease.

------
RK
Imagine if they would have had the internet with Google, Internet Archive,
etc., during the McCarthyism era in the US. That's the type of thing I am most
concerned about.

------
DanielBMarkham
Reading this, I had one of those -- hey! "I invented that first!" entrepreneur
moments, since I had blogged on the same topic a week or two ago.
<http://www.whattofix.com/blog/archives/2009/02/who-was-i-again.php>

Of course, like all big ideas, this stuff is "in the air" at a certain point
in time and lots of people are channeling it. I think of it as a process sort
of like waking up: usually you'll have outliers who warn of problems years or
decades ahead of time without any traction, then suddenly everybody's thinking
and talking about it. E-commerce was like that, and so is social networking.
Who knows? Maybe Twitter is the next big change.

This is a society-changing trend, no doubt, and worthy of all the attention we
can give it. While my post was overly lyrical, historical, and elliptical --
Bruce drives a truck right through the reader with direct analysis. I hope to
see more writers take this on.

If I had to put the problem into one semi-poetic line, it would be:

Every detail. Easily recorded. Rarely noticed. Never forgotten.

Our species has never existed in a world where nothing was forgotten. Not only
is the ability to forget a key part of remaining sane, it may be a key part of
a functioning society.

We don't know -- we're in uncharted territory. But I do know that the matter
is credibly huge and will not go away simply by us ignoring it.

And no, this is not a privacy issue. To think of it as just privacy is to miss
the point. Even if we were the only ones able to access the data about us, _is
it healthy to have a life in which all the details are remembered forever?_ I
don't think so. This isn't about ownership of the data, it's much more
encompassing than that: it's about whether or not people are machines or
evolving organisms. Machines don't care for the past. Evolving organisms are
always forgetting and remaking the past in order to emotionally move forward.
We may be reaching a "wet-ware limit" where our information systems are simply
operating at too high an efficiency level for the interface to work properly
with us sloppy, emotional, forgetful, slow, and illogical hominids.

