Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Privacy, Security and the Internet

By nodes in News
Sat Jun 03, 2000 at 10:15:38 AM EST
Tags: Security (all tags)
Security

"Liberty means responsibility. That is why most men dread it." -George Bernard Shaw

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, Historical Review of Pennsylvania (1759)

We are restricting our liberty in the name of "safety." It's a philosophical problem we need to address. The quest for a more "secure and safe" internet is leading us down the path to a reduction in our power and capability. We have overlooked something important in our quest to design a "secure" Internet which protects our "privacy." We have overlooked the user. The browser manufacturers are deciding for you what level of security you MUST accept, supposedly for your own benefit, because they "know better" what is needed. In actuality they are restricting your liberty and enforcing a commercial bias. They have gone immediately to "lowest common denominator" thinking because it appears to be the way which yields the most profit.


ADVERTISEMENT
Sponsor: rusty
This space intentionally left blank
...because it's waiting for your ad. So why are you still reading this? Come on, get going. Read the story, and then get an ad. Alright stop it. I'm not going to say anything else. Now you're just being silly. STOP LOOKING AT ME! I'm done!
comments (24)
active | buy ad
ADVERTISEMENT
The Internet should not be restricted to uses which yield a profit. Security choices should be left to the user, rather than enforced by manufacturers or governments in order to maximize the profit-making potential of the Internet.

For example, the endeavor to make browsers "secure" is an error of great import: we are now preventing the user from having the power to CHOOSE their security. Manufacturers have assumed that users are stupid and will choose to violate their own security if they are given the option to do so. So the browser manufacturers have restricted your ability to control the level of security you enjoy.

Let's look at a specific example. When you are using Netscape or Internet Explorer you may have a number of different windows open to different sites on the Internet at the same time.

For security reasons, none of these windows is allowed to know the URL (address) of any of the others, unless that address is one which comes from the same domain. It would be very useful to know this information, since you could use it to make recommendations in one window for the page held in another window. You might also want to extract all the links from one window and use them in another. Many capabilities are disabled because you are prevented from knowing the contents of other windows.

Now suppose there was a switch in Netscape or Internet explorer which gave you the capability to "reach out" to other windows and extract information from them. You could set the switch at the user level, thereby negating any security which existed to prevent you from doing so. What's wrong with that?

The argument goes like this: people would be deceived into throwing the "switch" and opening the security door without full understanding of what they were doing. Therefore, we cannot allow ANYONE to do so.

The underlying philosophical idea is thus: "Since some people will act in ignorance, ALL people must be treated as ignorant." It's "lowest common denominator" thinking at its worst.

I have had a discussion with a man who is working to build a "secure" online voting system for the government. Let's suppose for a minute that he succeeds in this endeavor. What is to prevent people from giving or selling their passwords to others? Nothing. How could you possibly know if someone is who they say they are? Most Internet Providers dynamically assign an IP address when you log on. Voting could not be restricted to users based on IP address without a massive infrastructure to coordinate dynamically allocated IP addresses with the "centralized" computer which allowed you to vote.

The result would be more laws and more criminalization for the people who sold or gave their voting passwords to others. Now we would have the "internet police" monitoring all kinds of activity in the name of "secure internet voting."

Netscape and Internet Explorer have recently discovered a security flaw in the design of the http protocol itself. The results of a form submission can be re-directed to a foreign window or frame. So they have decided to restrict users from this capability in the latest releases of their software. Pages which used to work will no longer work. We have been "disabled" for purposes of enhanced security.

To see how this affects you, go to:

Frameshop

and select the "Separate window" radio button.

Then design a frameset and press the "Frame Me" button.

If you are using Netscape version 4 you will receive the frameset in a separate window. If you are using the latest versions of either Netscape or IE, the results will be in the SAME window. It is considered a "security violation" to return the contents of a form into another window. The result is a handicap to the user, because you must now press the "Back" button to return to the original page.

This may seem like a small price to pay in order to gain added security, but if you look at my program, the Synergy Desktop, you will find it does not even work in the latest versions of Internet Explorer and Netscape because of this security restriction. How many other sites are now unusable to users because their new browsers are restricted to enhance security?

We are losing power in the name of security and the user is not even given a choice in the matter. Users are assumed to be too ignorant of the consequences to be left the power of choosing how their browsers will operate. So the manufacturers are taking away our power in the name of security. They ASSUME we want the security rather than the power to choose for ourselves. This is wrong-headed and dangerous.

We should consider the call for more privacy as a direct attack on our liberty. The Internet should be an open place. We should learn how to trust each other and how to live in the open. Criminal activity can still be treated in the same manner, but we should not make new laws to protect our privacy. It's dangerous and foolish. It destroys liberty, choice, power, and ultimately leads to a "dumbed down" Internet.

What should we do instead? We should educate people at every opportunity about the dangers of using the internet. We should give them options for security and tell them what these options mean. We should enable each individual to make their own decisions about their own levels of power and responsibility.

Responsibility and power go together. If you want power, take responsibility. If you have power, you are responsible. The browser manufacturers and those calling for more "privacy and security" are telling you that you cannot be trusted to use power responsibly and must therefore be "protected from yourself."

Education is always the answer. People need to be educated about how insecure the Internet really is and how privacy is a myth.

Suppose that you are having a chat with someone who is at work for a corporation. You might want to believe that the contents of your chat are private. You might even have selected "Private chat" when you initiated the chat. But that user is operating within the confines of a corporate environment and their superiors have a legal right to monitor ALL communications in and out of that environment. That means that someone else may be monitoring or recording the contents of your chat without your knowledge or permission.

So what is privacy? Private from whom? Are you even aware that the person you are chatting with is operating from a corporate computer? Are they aware that their communication is being recorded or watched by their boss? Suppose they are operating from their home computer, but send a transcript of the chat to themselves via email and retrieve it the next day while they are at work. Your "privacy" was nothing more than a fanciful myth.

If the FBI serves Yahoo with a subpoena for your email files, Yahoo will comply and turn them over to the FBI and never tell you anything. What kind of privacy is that? If you send an email to someone who retrieves it from their workplace, their employer may well know about it. What kind of privacy is that? And there are many other ways that Internet communications can be intercepted at various levels, including the router level.

What's the solution? Learn to live in the open. Privacy has always been a myth. I remember when I was living in New Zealand and the woman who I loved went to a psychic to find out what kind of a father I would be if we had a child. When she told me the information the psychic gave her and I was astounded at the resonance it held. I felt my "privacy" had been invaded. In retrospect, I can see how this was the beginning of the end of that relationship.

Privacy is a matter of respect. It should not be assumed or guaranteed by law. If someone uses information they obtain about your "private" life in a criminal manner, they can already be prosecuted under existing laws. We don't need new laws. We must instead learn to live in the open and respect each other so that we can all enjoy the "illusion" of privacy. Information is available, whether through the Internet or other means. We must learn to respect each other enough to GRACE each other with privacy. It is not now and has never been a proper matter for government to attempt to control or regulate. There is no provision in the Constitution to protect your "privacy."

The more we attempt to curtail the invasion of privacy, the more we leave government as the only entity which can invade our privacy. It is the essence of concentrating power and authority in the "hands of the few." It is "Big Brother."

Privacy is a spiritual matter. Law is a matter of government, of controlling peoples' behavior for the good of all. Privacy and law should not be coupled because it leads to a reduction in the liberty of the people. It also leads the people to live in fear of each other and use the law as a weapon against each other. It leads to the dissolution of the very fabric of society, a fabric built out of mutual trust.

Security, on the other hand, is always to be viewed as a matter of degree. The National Security Agency talks about security in terms of "degree of security" or "level of security." They do not pretend that anything is "absolutely secure." They know better. It is their job to break security, including all encryption methods.

Of course, we can get better and better at doing things to secure information, such as passwords. POP email is more secure than web email. Encrypted messages are more secure than unencrypted messages. But ultimately the message exists in an insecure form at some point. There are even devices which can view the contents of your computer monitor from hundreds of feet away, without any cable or a visual "line of sight." The radiation emanating from your computer can be interpreted and the contents of what is on your screen can be "read" by someone in a van outside your house.

Privacy? What's that? An illusion. Security? What's that? If you lock the doors of your car it makes it secure, right? Wrong. It's only a sign to a would-be intruder that you want him to respect your privacy. The AAA can get into virtually any car in a matter of seconds. So can someone with a baseball bat!

Privacy, security and safety are spiritual matters. The more we attempt to "control" them the more we become slaves to our own fears. The solution is education. We should always leave individuals make their own decisions and accept the responsibility for them. The problem has been that some people want a guarantee of security and there is none to be offered ... only the illusion of the same and laws which threaten to make more people into criminals.

There are two faces to "Big Brother" on the Internet. One is clearly visible in organizations like doubleclick.com which track us as we wander around the web through their omnipresent ads. The other face is harder to see but even more sinister; it is the face of people who are making decisions "for your benefit" which will take power away from you.

Be wary of Big Brother in all its manifestations. Rather than live in fear of others, learn to trust them. Rather than trying to restrict others from knowing what you are doing; tell them! Good moves faster than evil. If you are trying to conceal your activities on the web, you may well be doing evil. You should stop doing evil and start doing good! You should share everything you do with others. You should realize that privacy and security are illusions we cling to out of fear. The less fear we have the more love we have. The less expectation we embrace, the more trust we can enjoy.

We have been trying to fit a square peg into a round hole. The Internet is not meant to be "secure, private, and safe." It is meant to be a training ground for the next step in human evolution, where we will live in the open and have a government we trust. That's what we should be working for now, rather than pursuing illusions of security, privacy and safety.

If you aren't releasing secure information, such as your credit card number, why should you be handicapped by high security restrictions? If you don't care if people track your movements on the web, why should you be restricted from allowing it? Tracking can help us find each other.

Remember what the insurance salesman does? He tries to get you to feel "insecure and unsafe" so he can sell you a policy. But does that feeling go away after you buy the policy? No, of course not, because if it did you would cancel your policy!

Instead, you are perpetually enslaved to your fears.

Don't buy into the fear. Ask yourself "What do I have to fear?" If you have anything to fear, you may want to address the cause itself, rather than trying to change the world to conform to your fears. That only serves to create more fear.

Trust is better than expectation.

I release all fear.

I am responsible.

Steve Moyer

Author, Synergy Desktop

Synergy Metabase

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Yahoo
o Frameshop
o Synergy Desktop,
o Steve Moyer
o Synergy Desktop
o Synergy Metabase
o Also by nodes


Display: Sort:
Privacy, Security and the Internet | 27 comments (27 topical, editorial, 0 hidden)
This is an interesting argument. I... (4.70 / 3) (#7)
by Pseudonymous Coward on Fri Jun 02, 2000 at 09:54:17 PM EST

Pseudonymous Coward voted 1 on this story.

This is an interesting argument. I don't necessarily agree with the premise -- certainly not all the points -- but it is at least a well thought out article, and thorough.

Personally, I believe there is a proper balance between functionality and security, and unlike the author, my code isn't breaking because of new security restrictions in browsers. In fact, often I face more problems with newly implemented -- or poorly implemented! -- insecure features. Convenience and security are often at odds, and in some applications the balance should favor one over the other.

Also, I don't agree that we are "losing power in the name of security." More often than not, I find that we are losing power because of the lack of it: Poor browser security, poor desktop security, poor application security, poor network security. I'm not talking about the specter of Big Bad Skript Kiddiez. There are tons of corporate entities just drooling over the opportunity to take advantage of the user's insecure state. Several high-profile stories have floated past about Big Bad Corporations doing Evil Things like unauthorized usage profiling (Comet Cursor, RealPlayer, Aureate/Radiate) , surreptitious addition of license monitoring (Microsoft Office 2000 SR-1, Windows Update) and we are still only at the very top of the slippery slope.

Don't expect the situation to improve until users have more control over the security of their applications and environment -- as well as the education and intuitive interface concepts to take advantage of it. I can catch this kind of traffic before it leaves my network, because I have the tools and experience to do so. We need to get those things into more users' hands so that they can make informed choices about security versus convenience.

I'm sorry your application broke, Steve. That's frustrating when your users' platform moves out from under you like that. But please don't infer your single experience into the world of security at large. There is a time and place for both security and developer/enduser convenience.

It's too long for me to keep readin... (none / 0) (#13)
by _cbj on Fri Jun 02, 2000 at 10:05:21 PM EST

_cbj voted 1 on this story.

It's too long for me to keep reading, it must be good!

Very thorough and compelling writeu... (none / 0) (#3)
by Demona on Fri Jun 02, 2000 at 10:21:34 PM EST

Demona voted 1 on this story.

Very thorough and compelling writeup.

damn...... (none / 0) (#16)
by reas0n on Fri Jun 02, 2000 at 10:25:24 PM EST

reas0n voted 1 on this story.

damn...

Interesting. Not really my views o... (none / 0) (#11)
by belial on Fri Jun 02, 2000 at 11:01:12 PM EST

belial voted 1 on this story.

Interesting. Not really my views on the subject, but interesting indeed.

Isn't this a good example where ple... (3.00 / 1) (#19)
by Logos on Fri Jun 02, 2000 at 11:14:33 PM EST

Logos voted 1 on this story.

Isn't this a good example where plenitude/market forces are the answer? Why can't there be "extreme" browsers optimized for full-throttle net-types and the Net equivalent of a Lincoln Towncar: big and soft? Heck, this actually provides a passive way to create islands of inverse-speak-easies, where you can get in only when you have a variable-security browser . . .

Default settings which are secure g... (none / 0) (#2)
by Inoshiro on Fri Jun 02, 2000 at 11:45:58 PM EST

Inoshiro voted 1 on this story.

Default settings which are secure goes a long way towards making the system secure always. Just look at OpenBSD. Perhaps they are just targetting their browsers at the wrong kind of clientelle, but I agree with having a default secure security setting.

OTOH, they should provide you a means to do this. But then, scratching an itch is what Open Source is about. So it shouldn't be hard to make the (much snappier in recent builds) Mozilla browser allow this :-)



--
[ イノシロ ]
I'm only halfway through and I alre... (4.00 / 1) (#6)
by eann on Sat Jun 03, 2000 at 12:46:48 AM EST

eann voted 1 on this story.

I'm only halfway through and I already want to start making comments.

The argument goes like this: people would be deceived into throwing the "switch" and opening the security door without full understanding of what they were doing. Therefore, we cannot allow ANYONE to do so.
Try this argument: every user's checkbox preferences are recorded somewhere. Obviously, the browser and the system software need to have read/write access to those kinds of places. So by allowing for the possiblity of enabling something like that, we're pretty much counting on the fact that someone, somewhere, will find a way to exploit it without letting us know. Someone will make it programmatically easy to ask the user for consent to flip the switch, for the convenience of web designers who really do know what they're doing. Then the first foil will be sloppy evil VBScript, but it'll open up credit cards and passwords and other juicy bits about millions of people. The next will be a Javascript buffer overrun someone didn't catch in a new version, and that'll unleash information about a few million more. I know the slippery slope makes for a terrible logical argument, but we really do have to consider it. For every idiot-proof device, someone always makes a better idiot.
We should consider the call for more privacy as a direct attack on our liberty. The Internet should be an open place. We should learn how to trust each other and how to live in the open. Criminal activity can still be treated in the same manner, but we should not make new laws to protect our privacy.
The intent of (most) calls for privacy legislation seems to be to protect consumers from big business, not to protect us from thieves. I do believe it's reasonable to expect that my credit card purchases won't be published in the local paper (or handed to Independent Counsel without a court order), and that buying some junk food at the grocery store won't automatically raise my health and life insurance premiums. I do not believe that the companies involved would hold themselves back from selling this kind of information about me if they thought they could get away with it.
Education is always the answer. People need to be educated about how insecure the Internet really is and how privacy is a myth.
I'll start with my family, friends, and acquaintances; you start with 20+ million AOL customers. I don't disagree that people knowing what the frell they're doing would improve things significantly. Pandora's box is already open. The dam has broken. The neutrons have impacted the Plutonium nuclei. It's a whole lot harder to put the cat back in the bag. [Insert your favorite trite metaphor for "Sorry, buddy, it's waaaaay to late for that" here.]

I disagree (in principle or implementation) with some of the so-called "privacy" and "security" measures that exist. And I have been known to say that over-reaching "security" to the point of severely hindering functionality is likely a sign of incompetence. But I don't share Mr. Moyer's pessimism about the general state of things.

The people I'm most worried about are the ones who can't make software that is secure when I want it to be, for things like credit card transactions or remote system administration on one of the servers I run. By adding a layer of complexity to do things like share data between windows or send form results to a new window (especially when I could have opened the new window for the form to begin with), I think software makers would be putting legitimate security needs at serious risk. In my opinion, that's not acceptable.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.


Wow. A longwinded rant. ... (none / 0) (#8)
by inspire on Sat Jun 03, 2000 at 01:05:21 AM EST

inspire voted 1 on this story.

Wow. A longwinded rant.

You suggest that we ignore computer security because it's unattainable? Just because your latest whiz-bang feature doesnt work because there is a potential security problem with it doesnt mean we should go the way of programming nifty features without considering the security impact.
--
What is the helix?

Interesting comments. ... (3.00 / 1) (#14)
by PresJPolk on Sat Jun 03, 2000 at 01:10:43 AM EST

PresJPolk voted 1 on this story.

Interesting comments.

I can't help but stand up to the views of privacy. You say that privacy is an illusion. But, there was a time when slavery was considered part of life. There was a time when open labor unions challenging a corporation the size of GM would be a dream. There was a time when the world was considered doomed to famine.

If something is important enough, it can be changed. But, it can only change if enough people know of the problem, and want it solved. Society is only now beginning to realize how nice and useful privacy can be. So, rather than give up on the idea, now is the time to stand up for privacy, and fight for it.

Privacy is not a purely spiritual matter. If there were a law, making it flatly illegal to sell personal information, and attaching a severe fine for each count of such illegal information transfer, privacy would suddenly be a real, definable thing.

I'm left with one umbrella question, Steve. What is it you want? You've done a good job describing a harsh view of modern information. You go on to say that we need to address the "cause" of our problems. What exactly is it you want us to address? Is it that you want us to, in the words of Scott McNealy, "get over" the idea of privacy? If that's the case, then describing the lack of privacy to society is the last thing you want to do.



somebody wake me...... (none / 0) (#17)
by GreenLight on Sat Jun 03, 2000 at 01:48:16 AM EST

GreenLight voted -1 on this story.

somebody wake me...

Get off of the soapbox, your compla... (none / 0) (#9)
by dieman on Sat Jun 03, 2000 at 02:19:30 AM EST

dieman voted -1 on this story.

Get off of the soapbox, your complaining about very little. There has to be a way to still do this and achieve the results you want.
---
blah

Good idea, maybe even a good articl... (none / 0) (#4)
by FlinkDelDinky on Sat Jun 03, 2000 at 02:58:02 AM EST

FlinkDelDinky voted 0 on this story.

Good idea, maybe even a good article, but I never made it to the end.

Sounds like you're pissed bacause the browsers busted your software. The easy fix is to code for the Lizard. Yah dude, the lizzard rules, woo hoo, the LIZARD!!!!!!!!!

I think the Armadillo is pretty cool too. Anybody think they've got a snowballs chance in hell to get 'fully' functional browser out in a year.

Nice writeup, but I can't agree wit... (5.00 / 1) (#5)
by Dacta on Sat Jun 03, 2000 at 03:51:08 AM EST

Dacta voted 1 on this story.

Nice writeup, but I can't agree with your point. Defaulting to no security is not a good idea.

Apart from the obvious problems, what happens when a user who knows what they are doing decides to turn on the security? Then a whole lot of things will stop working, and people will just say "turn off your security, it works then".

I like a high degree of security, thankyou. I'll turn it down if and when I choose.

Too long. Should have been a link.... (none / 0) (#10)
by buzzbomb on Sat Jun 03, 2000 at 04:06:44 AM EST

buzzbomb voted -1 on this story.

Too long. Should have been a link...

Re: Too long. Should have been a link.... (none / 0) (#22)
by Qtmstr on Sat Jun 03, 2000 at 12:28:12 PM EST

Long stories are good! Besides, if he wrong it for K5, what would he link to? He'd have to put it up on a crosswinds page or somesuch.


Kuro5hin delenda est!
[ Parent ]
The above article is well written. ... (3.00 / 1) (#1)
by sakico on Sat Jun 03, 2000 at 04:34:06 AM EST

sakico voted 1 on this story.

The above article is well written.

It seems that as time goes by, there are more and more people who feel this way. I am definately one of them. Technology is going to make privacy impossible. Rather than entering denial and pretending that we can protect our privacy and/or anonymity, we must accept that it is simply not feasable. We should work towards making the approaching open world a good one.

I ask you a question: Is it better to pretend that massive crosslinked databases don't exist within the corporations and the governments of the world, or to acknowledge their presence and make them available to everyone rather than just the rich? Remember the whole time that with a social security number and $50, you can get an individual's credit rating over the internet. This small charge isn't stopping anyone who wants to get the information.

With my real name, you can get my street address and phone number over the internet through online phone directories. You could also use a variety of search engines and find out my life story and my attitudes towards all sorts of things. You could find this in comments like this on web forums, posts to newsgroups, interviews on media sites, and so forth. I am not giving you my name, so you can't do this easily at this time. But if you tried hard enough, there is no doubt that you would succeed. Wouldn't it be better that everyone can quickly find all the information you could possibly want about everybody, when the only alternative is that only the powerful would be able to find this information? This isn't a trick question. There is no third answer. It is either everyone has access, or only a few have access.

I suppose some would prefer the latter. After all, your ISP knows you both read and post on alt.sex.fetish.kitty.litter and they aren't telling anyone. There's just one problem with this happy little scenario - at any time they desire, they could. If this was an openly known fact, people might look at you a little oddly but life goes on. If this is a secret and you get into politics, you are running in an election, and you have a viewpoint on an issue that the owner of your ISP violently oposes, he might let some logs slip out. Scandal rocks the town. If he had some sort of privacy policy about this, he may be willing to pay a fine or even be jailed for breaking it. (As if privacy policies were enforced so strongly) I know that this isn't the greatest example of skeletons in the closet, but I'm sure you get the idea.

(Off topic: "Leaders only reveal those of their flaws which will make them more popular" - Frank Herbert, Dune Messiah, paraphrased from memory)

David Brin's _The Transparent Society_ covers the issues in much more depth than I could possibly give here. He also does it much more eloquently than myself. (He has editors and several drafts. I don't even get a preview.)

Of course education is key. I belie... (none / 0) (#18)
by louridas on Sat Jun 03, 2000 at 05:55:08 AM EST

louridas voted 1 on this story.

Of course education is key. I believe, however, that a regulatory framework is needed. Is the market enough to decide in matters of privacy? The US used to think so, Europe has always been more sceptical. The point is that if something in the end has to regulated, who can be trusted? Corporations? Or should the consensus emerge from a democratic process?

Education doesn't work when people ... (none / 0) (#12)
by tjansen on Sat Jun 03, 2000 at 07:52:05 AM EST

tjansen voted 1 on this story.

Education doesn't work when people dont want to be educated. 90% of all internet users just want to use the net in a convenient way, and this includes that they dont have to worry about security. If they lose one or two less-important features - who cares? Much better that being afraid every time you do an online transaction that someone might sniff your credit card data. I dont know about the US, but according to surveys in Germnany the lack of trust in the security of internet transactions is one of the most important problems in the adaption of the net for what PHBs call electronic commerce.

We should consider the call for mor... (5.00 / 1) (#15)
by maynard on Sat Jun 03, 2000 at 09:22:34 AM EST

maynard voted -1 on this story.

We should consider the call for more privacy as a direct attack on our liberty. The Internet should be an open place. We should learn how to trust each other and how to live in the open. Criminal activity can still be treated in the same manner, but we should not make new laws to protect our privacy. It's dangerous and foolish. It destroys liberty, choice, power, and ultimately leads to a "dumbed down" Internet.
This is patently ridiculous. To argue that fixing a minor frameset bug in IE and Netscape, which happens to affect the author's web application, is somehow reducing the "liberties" of end users and therefore argues against rational security is plain folly. If you want to open a discussion on security, privacy, and user liberties I suggest you research European privacy laws, current American corporate privacy rules, and look for the chasm in between.



Read The Proxies, a short crime thriller.

Privacy vs. Transparency (3.00 / 1) (#21)
by Anonymous Hero on Sat Jun 03, 2000 at 11:45:58 AM EST

I strongly disagree with the premise of this article.

Our current right to privacy is a "lecal fiction". The bill of rights has admendments which restrict the invasion of our homes by the government. Further, there are laws against people peering in our windows (even against people who only want to know refrigerator we have to offer us a bargain on a new one!).

Instead of pretending to be unaware of massively linked databases about an individual, I feel we should demand legal protections against the information about us. Provide limits on the amount of time identifiable information might be logged, and prohibit the sell or transfer of it. Prohibit the massive linkage of databases.

Why should my ISP even know of my interest in alt.sex.fetish.obsolete-computer-equipment, any more than my postman should know that I'm getting old 8" drives in those big white packages?

The argument of "if information is outlawed, only outlaws will have information" isn't relevant in this case -- the use of the information will be obvious and legal penalties could be tuned to reduce the financial benefit. Outlaw operators who collect information can do so, but they would only be capable of doing so on their own systems which could then be avoided.

Lastly, we must remember that corporations haven't always had the same rights as individuals. Restricting corporations seems reasonable given the priviledges that their officers have.

the web {=} security antithesis, and the illusion (none / 0) (#23)
by maphew on Sun Jun 04, 2000 at 05:25:43 PM EST

Interesting read. There are so many different angles and themes to respond to I'm not sure where to start, so I'll just ramble. :)

I think one of the core problems with the privacy versus security, or personal control versus corporation/beauracratic control, in the context of the www is that the web is trying to be all things to everyone. It's the old when you have a hammer in your hand, everything looks like a nail attitude.

The web by structure is open and promiscuous which simply does not lend itself to secure or private transactions. Open because the bones are built on linking. Promiscuous because anybody is allowed to use the network, more or less anonymously. The more links and the more users (who contribute content and more links) the more valuable the network.

A secure network on the other hand gains value by having only a few well understood and well controlled links where every transaction and every participant can be blocked, allowed and tracked at will.

Why on earth does anybody think these two diametrically opposed networks can be built on the same structure - the web, using the same tool - the browser?

I'll posit a possible answer. This is the age of dissolution and mergers. Government is being parceled up, decentralized, and devolved to the private sector (big government = bad). Companies are being bought up, consumed and dissolved into huge multinational-mega-conglomerates (big company = good). Corporations survive on selling products, making money. It's only natural they should attempt to reform the web and the browser - which are already built, functional, and have an enormous population - into a money making venture. Financial transactions require security, which implies and centralized control and diminished personal privacy ... and here we are with a single network not really open and not really secure.

+++

About the "learning to live with no privacy" thing. I think you touched on something important there.

In "meatspace", face to face interaction, there is no privacy. Everything you say out loud can be heard. Every nuance of your body posture can be decoded. The tone and timbre of your voice is letting it "all hang out". The clothes you wear or don't, the car you do or don't drive, the business you do or don't work for all place you within a certain income bracket, a certain tribal membership, a certain set of philosophical beliefs, etc.

And yet we still have, or at least act as if we have, a modicum of privacy. In a restaurant we carry on conversations about personal matters. We don't tell the couple upstairs who conduct their weekly tryst every saturday morning that they need to oil their bed springs. The elderly man down the street who has lost control of his bladder secretions is left to handle his embarassment 'in private'. We notice all these things, but don't talk about them. Or if we talk about them, we don't talk to the person concerned, letting them preserve their illusion of privacy and they do the same for us.

When I was fifteen a goup of us were hanging around the park gabbing about this that and the other thing. "Joe" blurted out something about waking up in the middle of the night with sticky creamy white stuff all over his sheets. There was a sudden moment of absolute silence which lasted for about ten seconds, and then all conversation resumed exactly where it left off as if the interuption (eruption?) had never occured. Nobody acknowledged Joe's statement ever sounded, inlcuding Joe.

In short the only reason we have a sense of privacy at all is because we have developed manners.

That being said, I still wan't privacy on the net. It's a new paradigm and manners are in short supply. If my meatspace neighbour breaks "the rules" and invades my personal space, I can do something about it. Talk with him, shout at him, heck even punch him in the mouth and call the cops. He is accessible to me and I to him.

Post Script: Anybody who wants to read about the construction of social realities and the illusion of privacy, as well as the illusion of your ego ("you") being in control of your own mind and how we lie to ourselves about it should read Daniel Goleman's Vital Lies, Simple Truths - the psychology of self-deception.


Privacy and social accountability. (4.00 / 1) (#24)
by Anonymous Hero on Mon Jun 05, 2000 at 04:33:36 AM EST

Privacy is a matter of respect.

No. It is a matter of accountability. If someone peeps through my window or removes snail mail from my letter box, then they are ( relativly ) easy to detect. Under such circumstances, threatening to give them a black eye is normally enough to deter them from repeating the offense. The possibility that they may be ostracized by the people around them is a strong social deterrent to such behavior.

In the case of the Internet, this argument does not apply. There is very little that I can do to someone on the other side of the planet if they start sniffing my private correspondances or if they break into my machine and start helping themselves to data that I haven't chosen to make public. In the same way that it's relatively easy to avoid people in a big city, it's also easy to avoid people out here.

But ultimately the message exists in an insecure form at some point.

But if it only exists in insecure form on machines that are not connected to the Internet, the argument is irrelevent unless you can gain physical access to those machines. That's not something that you can do remotely.

There are even devices which can view the contents of your computer monitor from hundreds of feet away...

Tempest can be blocked with electromagnetic shielding. Fine wire mesh and aluminium foil are pefectly adequate for the commercial versions that are currently available.

One is clearly visible in organizations like doubleclick.com ...

Use domain name blocking.

Rather than live in fear of others, learn to trust them.

Trust is hard to come by out here once you have been cracked. If people want my trust, then they can earn it. That's the way it is in real life. Why should the Internet be any different?

Tracking can help us find each other.

The old mantra of "if you aren't doing anything wrong, you have nothing to hide". History has shown that this attitude is commonly held by the sheep as they are lead to the slaughter house.

I am responsible.

But others aren't and it takes only a handfull to make life hell for everybody else. Because of the, a reasonable expectation of privacy is necessary.

For me personally, the internet stopped being a free and open means of communication a long time ago. Because of that, there are many things that I simply refuse to discuss online ( regardless of the number of anonymizers and/or encryption in use ). This includes not only aspects of my personal life, but also the calculations and other research material that I have spent literally years collecting and collating. If people had asked politely, I would have probably told them. Instead, they tried to take it by force and now it resides on a totally isolated system with no external connections. My refusal to discuss it has become a pointed insult to those who took too many liberties that they were not entitled to.

To me, this is the point that the author of this article misses ( and badly ). Like so many of these 'Transparency advocates', they fail to realise the totally predictable consequences. As the need to secure data becomes more of a problem, this will result in the removal of data from publicly accesable systems and it's transfer to systems that are *not* connected to the Internet. This is already happening with private individuals, corporations and government institutions. 'Transparency' is not the solution.

You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.



Re: Privacy and social accountability. (none / 0) (#25)
by Alhazred on Mon Jun 05, 2000 at 09:36:04 AM EST

You miss the point entirely. You need to RELEASE YOUR FEAR. It controls you. Whatever this valuable work is that your doing, would it actually HURT anyone if it had been released? I doubt it. Your motivation is CONTROL. YOU want to be the one that controls this information. Its YOURS, and nobody else is going to tell you how to use it! This is flawed thinking. The problem isn't other people, the problem is in your own attitude towards them and towards your work!

The old mantra of "if you aren't doing anything wrong, you have nothing to hide". History has shown that this attitude is commonly held by the sheep as they are lead to the slaughter house.

Thats just a deliberately incindiary statement. Its quite frankly bullcrap. I stand proud, independant, willing to defend my TRUE liberty, and not the least bit afraid of what other people will see if they happen to rifle through my hard drive...

I'm not saying either that people shouldn't keep certain things private, but we should all learn to realize that by trusting each other and leaving it to other people's respect of us to insure that privacy that we are all better off.
That is not dead which may eternal lie And with strange aeons death itself may die.
[ Parent ]

Re: Privacy and social accountability. (none / 0) (#27)
by Anonymous Hero on Tue Jun 06, 2000 at 08:27:17 AM EST

Your motivation is CONTROL.

My motivation is vanity. I see no reason why I should not receive credit for my work by having *my* *name* *on* *it*. My work is of no commercial use, but I see no reason why I should not be offended by such blatent plagarism.

Previously, I would have shared the data with others. I am no longer inclined to doing so. Furthurmore, by not storing that data on an Internet connected system, I have effectivly eliminated another potential motivation for any would be attacker.

...and not the least bit afraid of what other people will see if they happen to rifle through my hard drive...

I will be most interested to see if this attitude continues after some script kiddy not only riffles your private files but also deletes or corrupts large amounts of data on your system. Inept, wannabe system crackers are not well known for their neatness or attention to detail.

...we should all learn to realize that by trusting each other...

Trust must be earned. If you make a gesture of trust and it is respected, then trust increases. If you make a gesture of trust and it is abused, then those who have abused that trust have no right to complain if the level of trust decreases or goes to zero.

You might be strangling my chicken, but you don't want to know what I'm doing to your hampster.



[ Parent ]

Re: Privacy and social accountability. (none / 0) (#28)
by Alhazred on Thu Jun 08, 2000 at 11:09:38 AM EST

VANITY, dust in the wind is all we are. You are letting your anger control your life and destroy any value your work could have had. I feel sorry for you.

As for what my attitude might be AFTER this that or the other has happened, sorry sir, but I've already passed those tests... You have no idea what I've been through. In matter of fact I run a few different systems here and there on the net and I've gotten several hackers busted hard, etc. I know all about it.

I guess what I'm trying to say is you will get what you expect to get from people. The world is what you make it, and you fight that battle in your own heart and mind. If you want to be hurt, offended, and vain, then you will be.

Personally I think life is too short for that.
That is not dead which may eternal lie And with strange aeons death itself may die.
[ Parent ]
In a perfect world, communism would work also... (none / 0) (#26)
by finkployd on Mon Jun 05, 2000 at 11:27:29 AM EST

Arguing for an 'open' and 'transparent' net? Accepting that perfect security is unatainable and dropping ALL forms of security and privacy because they can all be 'broken' or defeated somehow?

Sure, this would be a great idea of the net were composed of people like us. I imagine most of us don't try to read others e-mail, intercept credit card numbers, or stalk and harrass other. However, the net is fast becoming a mirror of the 'real' world, with all it's flaws and unsavory characters. I would love to live in a world where I could send my credit card unsecured over a computer line, where I wouldn't think twice about not having a password on a POP account, where I could leave my doors unlocked on my house, and where I had no need to a firearm to protect my family.

Unfortunatly that world doesn't exist in cyber or meatspace, and I'm not going to be the first to give up my security to take a stand and be a beacon for others. Are you?

Finkployd




Sig: (This will get posted after your comments)
Privacy, Security and the Internet | 27 comments (27 topical, 0 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!