|
PRIVACY Forum Digest Saturday, 9 June 2001 Volume 10 : Issue 04 (<A HREF="http://www.vortex.com/privacy/priv.10.04">http://www.vortex.com/privacy/priv.10.04</A>) Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>) Vortex Technology, Woodland Hills, CA, U.S.A. <A HREF="http://www.vortex.com">http://www.vortex.com</A> ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- ********************************************* * PRIVACY Forum Nine Year Anniversary Issue * ********************************************* CONTENTS Be Careful What You Wish For (Lauren Weinstein; PRIVACY Forum Moderator) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>". Mailing list problems should be reported to "<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 10, ISSUE 04 Quote for the day: "I'm trying to stop trying!" -- Harold Fine (Peter Sellers) "I Love You, Alice B. Toklas!" (Warner Bros.; 1968) ---------------------------------------------------------------------- Date: Sat, 09 Jun 2001 15:04:03 PDT From: <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Be Careful What You Wish For Greetings. Just slightly over two thousand years ago, an escaped slave named Spartacus gathered together a force of like-minded individuals and challenged the status quo of imperial Rome. At first his "army" of runaway slaves was merely a nuisance to the grand powers of the empire. But when Spartacus' forces seriously threatened to undermine aspects of society upon which the vested interests had come to depend, Rome like a sleeping giant awoke. The forces that the aroused empire launched took a terrible toll, with the result being over 6,000 of Spartacus' followers crucified in two lines stretching for over a hundred miles along the Appian Way from Rome to Capua. This was the empire's dramatic way of Making a Point. Those of us who have been concerned about issues of privacy in society have also, until relatively recently, been largely ignored by the vested interests. Privacy rights are by their very nature typically undramatic in their gradual process of decay, and only noticed by the average citizen when end results directly impact individual lives. By then, it's often too late to get the genie effectively back into the bottle. The rise of technology, in the guises of databases, communications (including the Internet), and sophisticated mechanisms for the collecting, integrating, consolidating, and marketing of personal data, have dramatically changed the nature of the game when it comes to privacy. Data that once sat isolated and harmless on dusty index cards forgotten in the back rooms at businesses and municipalities have become "profit centers" and treasure-troves for both marketing and intelligence dossiers. Our systems of laws, still grounded largely in a 19th century view of the world, are ill-equipped to deal with the environment of the 21st century in many respects. As the calls for increased privacy protections have gradually risen over the last few years, warning bells have been ringing in the hallowed halls of both industry and government. Opinion polls show public concerns over privacy rising rapidly. Most of those being polled are potential customers -- and potential voters. Like Rome of two millennia ago, many interests in both the commercial and government sectors have awoken to the risks that such concerns may present to the status quo. And again like Rome, these interests are gathering their own "armies" to battle. It's a war of a different kind, fought with the weapons of money and public relations rather than swords, but the battles are quite real nonetheless. One of the more potent weapons in the arsenal to fight back increased privacy protections is attempts to trivialize both the nature of privacy problems and those persons who sound the alarms regarding privacy concerns. Executive Scott McNealy of Sun Microsystems has asserted that we have zero privacy anyway: "Get over it!" he says. On the other hand, U.S. Federal Trade Commissioner Thomas Leary recently suggested that we have more privacy now than we had a century ago. He likens much of the current privacy debate to "hysteria" -- this from a man whose commission is among the most important involved with protecting individual privacy rights in the commercial sphere within this country. Zero privacy -- or plenty of privacy? That these statements from both of these men are clearly little more than "spin" for public-relations purposes is patently obvious, but spin <B>is</B> important in any modern war, especially a war of words. Businesses also have other weapons at their disposal against the "malcontents" who would call for greater privacy. Appeals to the pocketbook always make for a good show. Industry groups, in attempts to derail pending privacy legislation, have begun trotting out studies purporting to detail how many billions of dollars they've calculated increased privacy protections would cost. Those calculations were immediately called into dispute, but perhaps of more interest is the underlying concept, that privacy doesn't matter if it gets "too" expensive to achieve. If this reasoning sounds familiar from another context it should -- it's basically the same financially-grounded argument made by slave owners in the U.S. South against the abolishing of slavery. Diversionary tactics can also play well. If the law requires you to notify customers about privacy policies, you can send out such notices buried in legalize within bill inserts that you know most people will never have the time to study. Since you know that few folks would ever "opt-in" to your data sharing plans, make sure that attempts to mandate opt-in requirements never see the light of day, and bury any "opt-outs" where most people won't find them. Also, do everything you can to avoid having people looking into the details of privacy issues in the first place, by trying to restrain your existing and potential customers within a fabricated "comfort zone" that they won't be tempted to leave. Mechanisms such as P3P (Platform for Privacy Preferences) will serve to help convince Web users that their privacy is being protected, while in reality the system actually makes a bad privacy situation even worse. Governments too are highly skilled at the diversionary game -- especially of the "giveth with one hand and taketh away with the other" variety. A good example of this is taking place in Europe, where ostensibly strong personal privacy laws may be massively undermined. European proposals for vast new government-mandated Internet and other communications data gathering and warehousing, often on a long-term basis for retrospective investigatory analysis and other purposes, could render most other privacy protections largely moot and impotent. However, it wouldn't be fair to assign all of the blame for privacy problems to industry and government. Sometimes those persons pushing the hardest for increased privacy protections inadvertently do the most damage to their own causes. Attempts to portray privacy issues in a one-sided manner, failing to take into account the legitimate concerns of law enforcement, other aspects of government, and commercial concerns when it comes to achieving reasonable balance with these issues, are recipes for failure. For when it comes to the wide range of privacy issues, there <B>is</B> a need for balance -- which would take the place of the status quo that has become heavily skewed away from individual privacy concerns. But in our enthusiasm to correct this very real disparity, it's a critical error to assume that skewing the equation fully in the other direction is necessarily an appropriate course. Privacy is but one of the many important issues with which we must deal in society, and we need to take into account the impacts that privacy-related concepts (for example "anonymity" -- to name just one) will have in both positive and negative ways. It's also important that when making our arguments for increased privacy protections we avoid adopting the tactics of our perceived adversaries, and instead attempt to stay on as high an ethical ground as possible. So, if one is going to argue that Social Security Number (SSN) data is too widely available and subject to widespread abuse, it's a highly questionable approach to demonstrate this by publicizing individuals' Social Security Numbers on Web sites, then playing "catch me if you can" with the data moving from site to site. "Practice what you preach" is an old proverb that still has value even today -- to take another course is to undermine the validity of your own arguments, and to provide rhetorical ammunition to persons and groups whom you may oppose on important matters. Those of us who write and speak about privacy issues have long wished for the attention of the "powers-that-be" -- well, now we have it. Privacy issues are among the most important with which we must deal today, but they do not exist in a vacuum. To achieve the laudable goal of increased privacy protections, these issues need to be viewed through the context of society at large, and the privacy battles must be fought ethically within that framework. Failure to follow this course risks not only the loss of improvements in the areas of privacy, but also could set the stage for backlashes which could take us all on a rapid ride in reverse to very dark places indeed. As Spartacus learned and we must remember, there is still lots of wood out there -- and plenty of nails. Be seeing you. --Lauren-- Lauren Weinstein <A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A> Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A> Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A> Member, ACM Committee on Computers and Public Policy ------------------------------ End of PRIVACY Forum Digest 10.04 ************************