Protecting Privacy

June 28, 2009

Despite the risk that you, gentle reader, will think that I read nothing else, I’d like to mention one more item from the July/August 2009 issue of the Technology Review, published by MIT.  The article is by Simson Garfinkel, a well-known security researcher and author,  who is an Associate Professor at the Naval Postgraduate School in Monterey CA.  Entitled “Privacy Requires Security, Not Abstinence”, the article discusses the current situation with respect to privacy in the digital world, and attempts to put the issue in some perspective.

One of the points that Garfinkel makes, which is easy for us to overlook, is that advances in technology have threatened privacy before:

Back in 1890 two Boston lawyers, Samuel Warren and Louis Brandeis, wrote an article in the Harvard Law Review warning that the invasive technologies of their day threatened to take “what is whispered in the closet” and have it “proclaimed from the house-tops.” In the face of those threats, they posited a direct “right to privacy” and argued that individuals whose privacy is violated should be able to sue for damages.

Another example that is frequently cited is the concept of having a private conversation.  At the time the US Constitution was written, the idea that it could be difficult to have a private conversation would have seemed silly.  After all, two people could just go out into the middle of a large, open field, and talk.  There were no parabolic microphones, laser detectors, or other technological means of eavesdropping.

Opting out of participation in our technological society is neither a practical nor an effective solution:

Until recently, people who wanted to preserve their privacy were urged to “opt out” or abstain from some aspects of modern society. Concerned about having your purchases tracked by a credit-card company? Use cash. Concerned that E-ZPass records might be used against you in a lawsuit? Throw coins at that toll booth. Don’t want to show your ID at the airport? Drive. Don’t want your location tracked minute by minute? Turn off your cell phone.

Some of the problems with this are practical: have you ever tried to rent a car without a credit card?  Perhaps more to the point, opting out really isn’t all that effective.  There are still things that you have to do, like getting a driver’s license or going to the doctor, that generate information about you that ends up in someone’s database.  All this digital information capture is a fait accompli; turning the clock back is not viable, so we need to develop means of protecting people’s information:

In this environment, the real problem is not that your information is out there; it’s that it’s not protected from misuse. In other words, privacy problems are increasingly the result of poor security practices.

As we collectively move more to “cloud computing”, where an individual’s data may be stored in many different places, most unknown to the individual himself, this issue will take on greater urgency.

Prof. Garfinkel says, and I agree, that we have the means to solve many of these problems right now:

I have spent a good part of my professional life looking for ways to make computer systems more secure, and I believe that many of the problems we face today are not only tractable–many of them have already been solved.  …

We really do know how to build secure systems. Unfortunately, these systems cost more to develop, and using them would require us to abandon the ones we already have–at least for our critical applications.

Lack of attention to security in designing systems is one root cause of these problems.  This in turn often happens because, as I’ve discussed before, economic externalities come into play: the person who has to pay to have a more secure system is not the person who will suffer the loss if the system’s security fails.  This is an area where government probably needs to take a role in setting the rules of the game.

Finally, Garfinkel identifies one of the thornier problems with security and privacy on the Internet: how can we identify a person whose only observable physical manifestation is an electrical signal on a network connection?  In the physical world, we typically examine documents (such as a passport or driver’s license) to verify a person’s identity.  Garfinkel proposes that a government-issued electronic “ID card” could serve the same purpose.  It seems to me that this is another proposal where the devil is in the details; I’ll talk about it a bit more in a future post.
