Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!van-bc!ubc-cs!uw-beaver!mit-eddie!bbn.com!cosell
From: cosell@bbn.com (Bernie Cosell)
Newsgroups: comp.org.eff.talk
Subject: The end of privacy... and so what comes next?
Message-ID: <63473@bbn.BBN.COM>
Date: 31 Mar 91 12:33:12 GMT
Sender: news@bbn.com
Reply-To: cosell@BBN.COM (Bernie Cosell)
Organization: BBN Systems and Technologies, Inc, Cambridge MA
Lines: 119

There are several threads floating around the net dealing with the clash between privacy and the "information age": caller ID, SS# abuse, use of charge card info, etc, etc. If people talk about the underlying issues at all [as opposed to the specifics of a particular assault], the solutions seem to turn on VERY odd ideas [copyrighting personal data, making laws that make personal data somehow "special", etc].

Well, I've become real pessimistic of late. Let me uplevel the question. Discussing 'privacy' instead of the specific assault is already one level up --- I'd like to move another level up and ask about privacy, itself. CAN one make a case that privacy is protectable, or worthwhile, or even means anything?

Here are three conundrums that seem to do a pretty good job of skewering the case for privacy (and the more I think about them the more despondent I get):

1) privacy is just a cloak for illegal activity [i.e., trading privacy for security is a win]

2) privacy just makes life unnecessarily difficult [i.e., trading privacy for convenience is a win]

3) no single bit of information is really "private" anyway [i.e., the problem is not the data, but its aggregation].

Briefly on each:

1) Just look at the caller ID debate. There is the barely veiled accusation that anyone who would want to make a call under the cloak of anonymity MUST be up to no good, and so the need for anonymity is viewed as an exception, and if it is awkward or difficult to make an anonymous call that's OK.

In all the years I've been debating in and around the general topic of privacy, I've _never_ found a persuasive argument to counter this. Why shouldn't police be allowed to frisk people at random on the street? Or search cars [or even homes] on a hunch, or less? If you don't do drugs, why do you bitch so much about drug testing? What do you have to hide, anyway? The debate always ends up with the anti-privacy folks having specific, concrete, immediate, seductive _advantages_ of foregoing a bit of privacy, while the pro-privacy folk end up making vague, theoretical, philosophical, "but what if" arguments against.

2) A non-private world could be VERY convenient: just call Domino's, the person answers the phone, and without my having said anything says "Hi Mr. Cosell, just the usual tonight?". How nice it is to be able to buy a book by simply calling and having it in the mail that afternoon. To be able to carry a checkbook/credit card instead of hundreds of dollars of cash. [And other seductions: if you buy with a credit card, you can block the charge if something goes awry... why pay cash when they make it even NICER to use plastic??] Many look forward longingly to a Star-Trek-like future where not only could you know that Joe Smith is at the door, but you could whip up a quick dossier to ensure that he really IS just 15 and is a boy scout and lives on the next block... Or, as has been seriously proposed and may well come to pass soon, self-id'ing boxes for automobiles so that you can pay tolls electronically on-the-fly. How convenient!

3) Most of the data we bitch about is, and has always been, 'public' anyway. Again, going back to the caller-ID debate, to be sure in the 'good old days' the operator knew everything about who was calling, and that you were really at the Jones's house and could route your calls there without your asking. I doubt that the grocer on the corner ever really thought that telling someone about what you bought was particularly sensitive information. Lenders have always done credit checks and compiled dossiers, so what's the big deal?

The big deal, of course, is the magnitude and ease with which data can be collected, and this is the REAL hard part for privacy folk. It is hard to figure out who the culprit is when the problem is a "too big" aggregation. If the data about *one* specific phone call of yours is hardly a big deal, and collecting data on some of your calls is OK [e.g., Domino's keeping track of the pizzas you've been ordering, or Mastercard retaining your card-use records], why should the data about ALL of your phone calls not be, too? If the data about a specific purchase you make is necessarily non-private [say, a pay-by-check purchase, and so the merchant must know enough about who you are to verify the transaction], what is the problem with assembling data about ALL of your transactions? Where do you draw the line... HOW do you draw the line?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Anyhow, so I think the battle is hopeless: the forces of non-privacy will present a constant, seductive pressure to embrace their temptations, and the case for keeping privacy will be more and more tenuous and abstract. And it will only get worse: with the march of technology, the _potential_ for greater security and convenience, and the _apparent_ triviality of the privacy you would cede, and where they'll argue (perhaps correctly) that for this specific case you don't really have that privacy _now_, will all make the lure of the new toys virtually irresistible, and make the pro-privacy folk look more and more like Luddites. And any privacy once conceded is, basically, gone forever. As we've pointed out here, it is ALREADY almost impossible to live an even half-normal life and retain much of any privacy. EVERYONE wants your SS#, your mail address, your phone #... It is now virtually illegal to pay cash for some sorts of transactions, many places _require_ your SS#, etc.

And so where do we go as we travel across the electronic frontier? I think that trying to 'patch' the current privacy-breaches is hopeless. Trying to make certain classes of data illegal, or certain uses of data [that was otherwise freely given] illegal, or certain aggregations of data [but not others] illegal all seems doomed to failure. The distinction between appropriate and inappropriate is more in the eye of the beholder than in anything that can be isolated in the activity, itself. Almost every attempt to limit abuses seems sure to throw out a LOT of baby along with the bathwater, and many --- hell *most* --- people will WELCOME the security of no-privacy and LIKE the new conveniences in their life [hell, I can hardly figure out how I got along without my ATM card], and so the attempt to rein things in will hardly be viewed as beneficial.

Is it hopeless? Where does the trail lead us?

/Bernie\