Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!uwm.edu!bionet!agate!usenet.ins.cwru.edu!abvax!iccgcc!herrickd From: herrickd@iccgcc.decnet.ab.com Newsgroups: comp.org.eff.talk Subject: Re: The end of privacy... and so what comes next? Message-ID: <4118.27fb3250@iccgcc.decnet.ab.com> Date: 4 Apr 91 19:04:00 GMT References: <63473@bbn.BBN.COM> <1991Apr01.052655.3549@looking.on.ca> <4082.27f77d68@iccgcc.decnet.ab.com> <1991Apr02.054249.27643@looking.on.ca> Lines: 70 In article <1991Apr02.054249.27643@looking.on.ca>, brad@looking.on.ca (Brad Templeton) writes: > Right now smart cards are doing that, but we are in the infancy of the > network world. There are lots of people, like us, who are concerned, and > we will work to make it happen. We're the people coding up this stuff, and > we do have a bigger say than other "activists" might. I suspect the code involved in existing smart card systems was written in COBOL and the people who coded it up are not here. Please demonstrate that my suspicions are unfounded. > > What I want is to find solutions that don't attack fundamental rights in > the name of "fear of the computer." Many people seem to react by saying > that we should define laws that let you copyright your personal data, > or forbid people making databases of entirely public information. The fuss over the Lotus/Equifax product that failed reminded me of the "consumer protection" fuss over barcode readers in supermarkets in Michigan when the technology first became available and was outlawed in Michigan to protect me from lower prices. I tried to counteract some of the more egregious mistatements of fact when I saw them on the net. > > I consider database publishers to be publishers, and I think that > "congress shall make no law abridging the freedom..." of publishers. > (That's the U.S. version. In my country, it's not so precisely worded.) Yes, many of the contributors to the net forget that freedom of the press belongs to the person that owns one. > > I consider privacy important but freedom to not live in a privacy > protecting police state is also important. In the southern colonies, the moves toward a police state are not moves to protect privacy. It is now against US law to cross a US border (outbound) with $11000 in one's pocket. One more reason to conduct unwarranted searches. > > I have put forward two solutions that need little in the way of limitations > on freedom. One is default implicit contracts of confidentiality > on most transactions. The other is the automatic use of different > aliases for all your network activities. My proposal here has been that individuals should start modifying the "I own your data" provisions of existing boilerplate contracts before signing them. > > These all rely on a pluralistic, privatized world where you deal with > hundreds or thousands of data agencies and no one agency has all the > data on you, or, if you use your aliases properly, even knows it does > if it happens to! > > Yes, it also depends on reliable and unbreakable public key encryption > and digital signature. Right now we think we can get those, but > who knows what new results in number theory will come by tomorrow. > > Anyway, it can be done without draconian law. If you propose such laws, > I would like to hear why you think it can't be done any other way. > I would hope that the burden of proof would be on you. > -- > Brad Templeton, ClariNet Communications Corp. -- Waterloo, Ontario 519/884-7473 how can we get smart card technology to use privacy enhancing designs? The companies creating such things are marveling at their new ability to make great quantities of data about the holder of the card more easily available. There have been some small comments about a magnetic stripe driver's license in California. (I think I saw it in .risks before I started reading .eff.talk.) This is not an attempt to enhance citizen privacy. dan herrick herrickd@iccgcc.decnet.ab.com