Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!munnari.oz.au!metro!sunaus.oz!newstop!exodus!randolph From: randolph@cognito.Eng.Sun.COM (Randolph Fritz) Newsgroups: comp.org.eff.talk Subject: The city of mind, cyberpunks, and privacy Message-ID: <5201@exodus.Eng.Sun.COM> Date: 3 Jan 91 22:40:46 GMT Sender: news@exodus.Eng.Sun.COM Lines: 59 [This is a slightly-edited version of an essay I posted in one of the political groups. It seems to have some relevance to the discussions going on here, so I'm reposting it here.] Barlow uses the metaphor of the American frontier to describe the current state of cyberspace. But the frontier brings a whole set of associations which don't really apply: isolation, privacy, wide open spaces. Cyberspace is intensely social (how many of you are reading this?), intensely monitored, and everything is very close -- this message will circle the world before I arrive at work tomorrow morning. I suggest one does better to think of cyberspace as a dense, fast-growing, world-wide city. If you drop a $100 bill on city streets -- you don't expect to get it back if you go look for it in an hour. And no neighborhood shopkeeper is going to leave his shop unlocked and untended, no, not even for a few minutes. I contend that, in fact, the very sloppy password security system used by TRW for credit records is very nearly equivalent to that. Returning to that shopkeeper, he's going to have a devil of a time collecting on his insurance if his insurance company finds out that he wasn't minding the store. This perhaps suggests a different approach to security. One doesn't call out the SWAT team for everyday problems, after all. One relies on watchful neighbors, guards, and the cop on the beat. Surveillance is the word. And one locks doors. The cyberspace equivalent of locks are, of course, access controls and encryption. There is currently a considerable debate over just how widespread such technologies should be, with the intelligence community favoring restrictions and the computing community favoring wide dissemination. In the view I'm proposing, widespread dissemination is necessary for the full use of information technologies. After all, any city dweller needs locks and keys. And banks need vaults. So far as public information is concerned, I propose that major data banks have somewhat the same responsibility with personal information that more conventional banks have with money and, just as monetary banks have legal responsibilities towards their depositors, data banks should have comparable responsibilities towards the people whose personal information they hold. You hold the banker responsible if the banker neglects to lock their vault; negligence creates liability (though of course the actual robbers are also criminals). In this view, there should be some similar liability for data banks, though it's going to be a long time before those banks accept that! (I wonder if anyone's pulled the credit records of the president of TRW Credit :-) So that's another way to think about security in cyberspace. I hope it is of some value. Especially, I hope it is useful in calming the fears of our law-enforcement organizations. nd t ou ui R Press T __Randolph Fritz sun!cognito.eng!randolph || randolph@eng.sun.com ou ui Mountain View, California, North America, Earth nd t