[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freehaven-dev] some food for thought (and argument)

\subsubsection{Is privacy bad?}

A common belief is that those who choose to communicate via strong
cryptography or other cryptographic protections on privacy have
`something to hide', and that normal upright citizens have no need
for cryptography.  Similarly, some believe that people who speak
anonymously are somehow ashamed of the actions that they take behind
the shield of anonymity. However, this ``notion that only shame
generates a desire for privacy is a moralistic one''{\footnote {\tt
Privacy in our ordinary lives is something that we take for granted --
would you be willing to publish your tax return worldwide? What if your
neighbor published the contents of your garbage on the evening news? Is
using cryptography to achieve privacy in online activities really any

Frequently, people respond to these disturbing possibilities by denying
that they could happen to them: after all, safety in numbers should be a
sufficient defense against any other individual or organization wanting
to collect information about `typical' citizens.  However, this defense
is terrifyingly naive, considering the explosive growth of storage and
data warehousing and retrieval technologies in the past few years.
Companies ranging from Doubleclick to Amazon collect a startlingly
wide array of information about potential customers, in the name of
directed advertising. Insurance companies might cross-reference with
Amazon to determine whether their customers have purchased books on
car racing.  Divorce attorneys might cross-reference with credit card
companies to identify and offer services to persons who have recently
paid for hotel rooms or purchased other paraphernalia associated with
extramarital affairs.  Employers might cross-reference with medical
histories to determine HIV status or even genetic predispositions.
With the continued rise in electronic commerce and global internetworking,
extensive databases of personal profiles on every person on Earth are
visible on the horizon.

Confining to the police or other intelligence agencies the ability to
collect, correlate, or make use of this information does not help much.
Building correlations between disparate data sets is a tricky task, and
the people asking the questions are almost never the ones building the
databases or doing the queries. Because of this, they don't understand
the limitations of the data they have available. Government divisions may
well be required to make a certain quota of profiles matching certain
constraints, such as `pedophile' or `drug dealer'. If time is short,
budgets are tight, and relaxing some of the query constraints is much
easier and cheaper than collecting or verifying more data, the choice
seems clear. The result of this is that ordinary innocent citizens will
get targetted as `suspicious' for one reason or another. The transition
from surveillance state to police state may well be a very subtle one.