
May 05, 2006

Stewart Baker in CFP

Assistant Secretary Stewart Baker of the DHS spoke at the CFP dinner. He started out by asking how many in the audience were libertarians, and then asked how many of those had 72 hours of food and water stored. And if they did not, who did they count on to come and save them?

Baker spoke about Katrina and said that they now realized they needed two things: an eBay-style service matching donors of aid with recipients, and a 911 service over SMS, since text messaging requires less network functionality than real-time telephony. The DHS is working on both.

He then spoke about biological warfare. He said that one theory about the anthrax episode was that an insider did it, to warn us, but that it got out of hand (much like the original Morris worm on the net). The sophistication of bio-warfare is increasing quickly, doubling every year. With routinely available equipment you can generate moderate but scary viruses. The reason that this is not happening yet may well be that it is so scary. The spirit of this field is a lot like the spirit of the Internet, but people are working on very dangerous projects (the mousepox example).

May 04, 2006

CCTV and privacy

The number of cameras in the US is increasing quickly. But they are still nothing compared to the almost 4.2 million cameras in the UK. The future of privacy hinges on how these cameras are used, but one thing is certain: once the cameras are up, the scope of their use always increases...

April 26, 2006

Privacy seminar

(Notes from a seminar at the University of Washington, 25 April)

The moderator started with a provocative question: "Why do you think you deserve any privacy?" Answers varied, but most people pointed to the law:
"The US Supreme Court has interpreted the constitution to bestow some measure of privacy."
"It's the law."
He then went on to say that he had no feeling of privacy himself at all, and analysed today's situation as one where we have no privacy, because the databases needed to destroy our privacy are readily available. But we accept this, because we buy convenience with loss of privacy. We buy security with loss of privacy.

(The question, of course, should be why the state deserves to know about me. But we never ask this.)

Computer image recognition and pattern matching are growing quickly, he then told us. He also noted that these developments are being pushed by unusual research areas, such as oceanography, where the need for image recognition is great. RFID was identified as another new technology that forces us to do a cost/benefit analysis of privacy issues.

The thought that privacy is a balance you strike between convenience, security and trust on the one side and the private sphere on the other is becoming more and more popular, but is it true? Can we have "some" privacy, or is it far more binary than that? If privacy comes in degrees, it seems reasonable to suspect that we could estimate the level of privacy we have today, but how could we do this? How do we retain "some" privacy? Is there such a thing as a little privacy? It is easy to map someone with many small pieces of data, and the erosion of privacy is cumulative.

The speakers included lawyers, the chief information security officer of the University of Washington, a prosecutor, a representative of a marketing firm and a computer security analyst.

Kirk Bailey, CISO of the University of Washington

Bailey recommended a website called www.privacyrights.org that catalogues data breaches, and said that he found it hard to understand the apathy of people who seem not to care very much about protecting privacy (as opposed to caring about privacy as such). He then went on to criticize different data brokers, listing what they actually sell, and noted that they even sell DNA identification! He also retold the ChoicePoint fiasco, where 143 000 Americans saw their data sold to criminals. But ChoicePoint is still not liable for the misuse and identity theft resulting from this deal, since there is no such liability in American law, yet.

The website, privacyrights.org, lists more than 160 breaches that resulted in notification letters to more than 55 million Americans. 200 000 personal records are exposed twice a week, and this never makes the news.

Bailey also discussed what the solution to the privacy problem should be. He told the audience that he had asked the NY Times to map him, and they did, legally, for $100. They got an enormous amount of information: birth records, performance audits from previous jobs and a lot of other material. When it was printed in the New York Times it was revealed, from the birth certificate, that his mother had had a C-section, and this really made her angry. "I didn't eat well at my mother's house for quite some time." He asked what can be done to prevent this and noted that there seem to be few options.

Leaving the decision about privacy to the marketplace is a very bad choice, he said. We need more legislation; technology, he finished, will not solve this problem.

Ivan Orten, Senior Deputy Prosecuting Attorney, fraud division. Is it not strange, he said, that we call the most natural mode of accessing the Internet "the web"? That is, as far as science understands, a trap where you are poisoned and eaten. Quite appropriate, he noted.

Orten noted that data can be created and disseminated, by you or by others, and then collected and linked, or acquired by unauthorized persons. Then it is used for criminal purposes. We control, for ourselves, only creation and dissemination, but we are liable for it all! Why should you bear the inconvenience costs for what you neither create nor disseminate? The costs are not allocated this way, he said, and this must be wrong. If a fair allocation of the costs is being blocked by some barrier, what is that barrier, and why is it there?

He then basically recommended the liability model tried by the European data protection directive. He also recommended that those who wrongly accept data as a basis for identification should be liable as well.

Why is this not happening? There is no organized lobby, Orten said. And this makes it possible for credit card companies to approve applications online in five minutes. A free market, he said, would assign liabilities for this. The onus for fraud and identity theft should rest squarely on those accepting false data as a basis for different identification procedures.

Why are we not seeing class actions on privacy? Because the costs are basically individual, and such actions are hard to bring, Orten explained. This also leads to a sort of tragedy of the commons: people do not care about the costs inflicted on the individual who has to clean up the aftermath of identity theft.

IT lawyer John Christiansen, the next speaker, focused on the history of privacy and information protection standards of care. (The computational power of Apollo 11 is now available in a Furby, he also noted.) Technology has become cute, he noted, with examples such as rubber-duck USB memory sticks, and this is in itself something that has numbed us. In 1999 the US had the Privacy Act and HIPAA, two small patches for the protection of privacy, and nothing else. The patchwork continued with the EU Safe Harbor framework, Gramm-Leach-Bliley, e-commerce consumer protection cases, state notification laws on identity theft, SOX, and now class actions and common-law cases are coming. This is a patchwork, he said, and not a good one at that.

April 11, 2006

Simson Garfinkel and deleting for real

"The main difference between the European and American view of privacy is that in the US you have a responsibility as a data subject to actually watch over your personal data. If you disclose it you lose the expectation of privacy that you would otherwise have enjoyed. In the EU the responsibility is focused on the collecting party, not the data subject", explains Dr Garfinkel when we discuss privacy issues. He is a veteran of this field, with several books, papers and projects that testify to his deep knowledge of the issues. His observation is interesting, even though it can be challenged. The EU is after all focusing not only on the data collector, but rather on the personal data as such. Anyone who handles personal data, much like people who handle explosives, has rights and duties that follow from the legislation in place. But Garfinkel has a point, and his unique perspective on privacy is a strength in the ongoing debate about the future of the private sphere.

But isn't privacy dead? This was after all the argument made by the provocative book The Transparent Society, by physicist David Brin. Brin argued that privacy was dead (and had the audacity to add a "good riddance" to that observation), and that we had now better focus on issues of access to personal data, rather than try to preserve the already fictional privacy of individuals. Brin's argument is met with vehement anger from Garfinkel and other privacy activists. They find it "childish" and "extremely shallow", and call Brin a blatant "technological determinist". And perhaps the most interesting thing is this: they do not agree with him. Garfinkel in fact thinks that this time in our history will be remembered as the "wild west of privacy", when we had no clear regulations in place and faltered in our belief in this democratic core value. Things will, he thinks, become much better.

Maybe. It depends on many different factors, one of which is technology. Here Garfinkel is involved in one of the most interesting technological development projects that the privacy scene has seen for some while. Classical privacy enhancing technologies fail because they add too much perceived cost for the user: no one has the patience to configure P3P options or encrypt e-mails, and the idea of privacy brokers as launched by John Hagel III has never succeeded commercially. Early companies, like Privada, have returned to other, more security-software-oriented markets. But what if we could find a small, simple function that, if modified only slightly, could help privacy develop in a much more positive way than today? If so, we could enhance privacy in a way that would be transparent to users and still very positive.

Garfinkel has found one such simple function: the delete and format commands in the most common operating systems. Windows, for example, does not actually erase the contents of a file that is deleted. It simply forgets where it put the file, but the data is still there on the hard drive for anyone with computer forensics skills to find. Garfinkel has already managed to get Apple to fix this in their operating system: there is now a secure way to empty the trash can, so that when it is emptied the files are actually overwritten with random data seven times.

Why seven? Garfinkel sighs, puts his head in his hands and murmurs something inaudible. It turns out that there is no need to overwrite old data more than once, perhaps twice, but companies compete on the number of times they overwrite old data, as if this would in fact increase the level of deletion. On modern hard drives this is quite impossible to prove. Instead, it turns out, this is only a grotesque waste of computing capacity and speed.

"7 times is 6 times too many," Garfinkel notes, and it slows the system down six times more than necessary. But the perception of security still seems to lie in magic numbers.
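To make the overwrite-once point concrete, here is a small secure-delete routine. It is an added example written for this post, not Garfinkel's tool or Apple's implementation. It overwrites a file in place with random bytes (one pass by default, with `passes` exposed so that the seven-pass cost can be measured rather than assumed), syncs, and only then unlinks; a forensic-style check confirms that no window of the original content is left in the file. The caveat the post does not mention, stated here as a general storage fact rather than anything from the interview: in-place overwriting only removes the data where the filesystem rewrites the same physical blocks, so on journaling or copy-on-write filesystems and on flash media with wear levelling, whole-device erasure or encryption with key destruction is the dependable route.

```python
"""Overwrite a file's contents before unlinking it, so the data is gone rather
than merely unindexed.  Added example, not code from the post or from any
vendor.  Default is a single pass, which is the point made above: one pass
replaces every byte; further passes cost time without removing anything more.
Caveat: this relies on the filesystem rewriting the same blocks; journaling,
copy-on-write and SSD wear levelling can leave the old blocks untouched."""
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # write random data in 64 KiB chunks


def overwrite_file(path: str, passes: int = 1) -> int:
    """Overwrite every byte of `path` with random data `passes` times.
    Returns the total number of bytes written (file size * passes)."""
    if passes < 1:
        raise ValueError("passes must be >= 1")
    size = os.path.getsize(path)
    written = 0
    # "r+b" keeps the same inode, so the existing blocks are rewritten
    # (on filesystems that rewrite in place at all).
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n))
                written += n
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the pass to the device before the next one
    return written


def secure_delete(path: str, passes: int = 1) -> int:
    """Overwrite, then unlink.  Returns bytes written."""
    written = overwrite_file(path, passes)
    os.remove(path)
    return written


def leaks_original(path: str, original: bytes) -> bool:
    """Forensic-style check: does the file still contain any 16-byte window of
    the original content?  (Inspects the file's current blocks only.)"""
    with open(path, "rb") as f:
        data = f.read()
    for i in range(max(1, len(original) - 15)):
        if original[i:i + 16] in data:
            return True
    return False


def demo(passes: int = 1) -> dict:
    """Run the full cycle on a temporary file with constructed content and
    report what happened, so the behaviour can be checked rather than trusted."""
    original = b"SECRET customer record 4711 " * 200  # constructed sample data
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(original)
    written = overwrite_file(path, passes)
    leaked = leaks_original(path, original)
    os.remove(path)
    return {"size": len(original), "written": written,
            "leaked": leaked, "exists": os.path.exists(path)}


if __name__ == "__main__":
    print("one pass:   ", demo(1))
    print("seven passes:", demo(7))
```

Running the script shows that a single pass already leaves nothing of the original in the file, while seven passes write seven times the data for the same result, which is the cost Garfinkel objects to.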

Garfinkel has in fact developed technologies for erasing and deleting data more completely, and he thinks that these technologies should be mandatory. In fact, he has even had the law changed through his one-man privacy lobbying campaign. Companies that sell their own used hard drives have an obligation to erase them securely before they do so, he tells us. But resellers do not, and this is something that Garfinkel wants to change.

Together with a German company he is currently buying used hard drives on eBay (he has around a hundred different hard drives in his office, perhaps more) and he looks for personal data on these, to try to ascertain how many users actually delete their data before selling a hard drive, and, if they do, whether they erase it securely rather than only using the inadequate deletion commands in their operating systems.

His project has shown that second-hand hard drives that are not securely erased may actually represent a huge privacy risk for unsuspecting individuals.

Garfinkel hopes that Microsoft will include a secure deletion command in Vista, the upcoming version of Windows, and he says that he has at least gotten a verbal promise that this will be the case.

In his crusade against privacy-infringing technologies, Garfinkel has also testified about computer forensics in court. In one case he succeeded in showing that the log files used to accuse a man, in a case where an ISP had suffered an intrusion into their systems that cost them a third of their customers, had spelling errors and typos. Log files never have typing errors, he stated, and showed the court the typos.

The prosecution then had to admit that yes, they had edited the log files in a word processor, which of course amounts to tampering with evidence, something that weakened their case enormously. Garfinkel could then show that the timestamps on the log files, formulated as the number of days since 1/1 1970, actually showed that the logs were written several weeks after they were printed. The timestamp mismatch clearly showed that the logs were fabricated, and the accused was acquitted.
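The two checks Garfinkel applied, timestamps that post-date the claimed printing and text that does not look machine-generated, are easy to automate. The script below is an added example, not anything from the case or from Garfinkel; the log excerpt is constructed, and it assumes each line begins with a Unix timestamp in seconds (the day count since 1/1 1970 that the post describes is derived from that value). It flags entries dated after the claimed print date, entries whose timestamp runs backwards, and messages that break the fixed `daemon[pid]:` format a logging system would emit.

```python
"""Sanity checks on a purported log excerpt.  Added example with constructed
data; assumption: each line starts with a Unix epoch timestamp in seconds."""
import re
from datetime import date, datetime, timezone

EPOCH = date(1970, 1, 1)
# Machine-written syslog-style prefix: lowercase daemon name, pid in brackets.
MESSAGE_FORMAT = re.compile(r"^[a-z]+\[\d+\]: ")

# Constructed sample: an excerpt the prosecution claims was printed on
# 2000-03-01.  Line 4 is dated 24 days after that, line 5 runs backwards in
# time, and line 6 has a hand-edited prefix ("sshd [412]" with a space).
SAMPLE_LOG = """\
950140800 sshd[412]: Accepted password for admin from 192.0.2.10
950313600 ftpd[517]: login from 192.0.2.10
950400000 ftpd[517]: retr /etc/passwd
953942400 sshd[611]: Accepted password for admin from 192.0.2.10
950140800 sshd[412]: session closed for user admin
950140900 sshd [412]: session closed for user admin
"""
CLAIMED_PRINT_DATE = date(2000, 3, 1)


def days_since_epoch(ts: int) -> int:
    """Days since 1/1 1970, the unit the post says the real logs used."""
    return (datetime.fromtimestamp(ts, tz=timezone.utc).date() - EPOCH).days


def parse_line(line: str):
    """Split 'epoch message' into (epoch_seconds, message), or None when the
    line does not begin with an integer timestamp."""
    ts, _, msg = line.partition(" ")
    if not ts.isdigit():
        return None
    return int(ts), msg


def audit_log(text: str, printed_on: date) -> list:
    """Return (line_number, reason) for every entry that could not have been
    produced as-is by the logging system before `printed_on`."""
    findings = []
    last_ts = None
    for n, line in enumerate(text.splitlines(), start=1):
        parsed = parse_line(line)
        if parsed is None:
            findings.append((n, "no timestamp at start of line"))
            continue
        ts, msg = parsed
        entry_date = datetime.fromtimestamp(ts, tz=timezone.utc).date()
        if entry_date > printed_on:
            findings.append((n, f"dated {entry_date} (day {days_since_epoch(ts)}), "
                                f"after claimed print date {printed_on}"))
        if last_ts is not None and ts < last_ts:
            findings.append((n, "timestamp earlier than the previous entry"))
        if not MESSAGE_FORMAT.match(msg):
            findings.append((n, "message does not match daemon[pid]: format"))
        last_ts = ts
    return findings


if __name__ == "__main__":
    for line_no, reason in audit_log(SAMPLE_LOG, CLAIMED_PRINT_DATE):
        print(f"line {line_no}: {reason}")
```

Run against the constructed excerpt it reports lines 4, 5 and 6; a genuine excerpt printed on the claimed date yields an empty list. The monotonicity and format checks are cheap heuristics, so a hit is a reason to demand the original files from the logging host, not proof on its own.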

Computer forensics is a new field, but it will grow in importance as more and more court cases have to deal with digital evidence of different kinds. It will be interesting to see how Garfinkel changes this field as well...

April 07, 2006

RFID and RFAP

The technology of radio frequency identification, RFID, is probably one of the most interesting examples of how the future of a technology is affected by the interplay between media and law. RFID has the potential to change transportation, shipping, product identification and other supply chain processes for the better, creating more efficient systems and better economics. But, and this is no small but, it faces massive opposition in the form of media reporting.

Articles like these set the agenda:

"New website debates RFID privacy issues"

"EC to investigate RFID privacy concerns"

The result is of course that the industry is reluctant to implement the solutions, and it tries to find ways to create consumer acceptance for these new technologies. Both the Electronic Privacy Information Center and the Center for Democracy and Technology have adopted the issue as a profile policy question.

Other organisations, like the American Library Association and the Ontario Privacy Commissioner, have drawn up guidelines for RFID use that they recommend.

All this for a technology that has yet to be implemented. And of course, we can soon expect legislators to look into the possibility of adopting regulations on RFID as part of their agenda for privacy at large. Even though advocacy organisations like the CDT currently do not recommend this, there is nothing to stop a cunning politician from turning this into a signalling issue, showing that he or she cares about privacy.

This technology adoption pattern - a risk focused adoption pattern (RFAP) - is becoming more and more common. We see it in RFID, we see it in nanotechnology and it is sure to spread to biotech, genomics and other technologies.

This is a fairly new phenomenon. The Internet was not preceded by discussions of online porn, personal computers were not preceded by discussions of obesity, nuclear power (for crying out loud) was not preceded by discussions of profiling issues. These technologies were invented, tried out, and adverse effects were handled as they emerged.

Risk focused adoption patterns are complex social phenomena. They seem to arise in societies that are aware of their own technological development, and they indicate a certain level of future shock (to speak with Alvin Toffler). They are detrimental to innovation systems and their economic impact, considering how these issues affect investment and market allocation of resources, may well lead to a slow-down in technological development.

Above all they signal that technology development has become a politically charged issue. Once the concern only of technologists and engineers, the innovation system is now at the core of the modern information society.

April 06, 2006

Identification sourcing as a business model

I was reminded of the strange company Acxiom today. Apparently they now offer identification sourcing services, enabling security solutions and identity management. A truly interesting company with a perspective on privacy that borders on the surreal:

At Acxiom, we create and deliver customer and information management solutions that enable many of the largest, most respected companies in the world to build great relationships with their customers. Acxiom achieves this by blending data, technology and services to provide the most advanced customer information infrastructure available in the marketplace today.

They have recently started a subsidiary in the EU. That should be challenging, considering the data protection directive. And they seem to have been able to stay out of the news, other than in a few small magazines. They are now being taken over, or there is at least an attempt to take the company over from the founder, and to turn it into an even more efficient business model for selling personal data.

I realize that it is easy to condemn companies like this, but I think that the key question has to be why they arise. My proto-theory is that they eliminate transaction costs in acquiring, maintaining and managing customer relationships. If this is the case, we must ask whether the cost reductions they create are worth it, and what checks and balances we can put in place to ensure that.

There is a new bill in the US now that is intended to give customers the right, analogous to the EU rules, to access what information Acxiom and other similar companies hold that relates to the customer in question. That is a first step. But is it enough?