Return-Path: <sentto-279987-1313-992151375-fc=all.net@returns.onelist.com> Delivered-To: fc@all.net Received: from 204.181.12.215 by localhost with POP3 (fetchmail-5.1.0) for fc@localhost (single-drop); Sat, 09 Jun 2001 22:37:07 -0700 (PDT) Received: (qmail 13831 invoked by uid 510); 10 Jun 2001 04:37:19 -0000 Received: from ch.egroups.com (208.50.99.226) by 204.181.12.215 with SMTP; 10 Jun 2001 04:37:19 -0000 X-eGroups-Return: sentto-279987-1313-992151375-fc=all.net@returns.onelist.com Received: from [10.1.4.56] by ch.egroups.com with NNFMP; 10 Jun 2001 05:36:15 -0000 X-Sender: fc@all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-7_1_3); 10 Jun 2001 05:36:14 -0000 Received: (qmail 23923 invoked from network); 10 Jun 2001 05:36:14 -0000 Received: from unknown (10.1.10.27) by l10.egroups.com with QMQP; 10 Jun 2001 05:36:14 -0000 Received: from unknown (HELO all.net) (65.0.156.78) by mta2 with SMTP; 10 Jun 2001 05:36:13 -0000 Received: (from fc@localhost) by all.net (8.9.3/8.7.3) id WAA15730 for iwar@onelist.com; Sat, 9 Jun 2001 22:36:13 -0700 Message-Id: <200106100536.WAA15730@all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL1] From: Fred Cohen <fc@all.net> Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Sat, 9 Jun 2001 22:36:13 -0700 (PDT) Reply-To: iwar@yahoogroups.com Subject: [iwar] PRIVACY Forum Digest V10 #04 (fwd) Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit [FC - I rarely reproduce such things in this forum but I thought this one particularly relevant to our interest...] Per the message sent by PRIVACY Forum: PRIVACY Forum Digest Saturday, 9 June 2001 Volume 10 : Issue 04 (http://www.vortex.com/privacy/priv.10.04) ... Date: Sat, 09 Jun 2001 15:04:03 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: Be Careful What You Wish For Greetings. Just slightly over two thousand years ago, an escaped slave named Spartacus gathered together a force of like-minded individuals and challenged the status quo of imperial Rome. At first his "army" of runaway slaves was merely a nuisance to the grand powers of the empire. But when Spartacus' forces seriously threatened to undermine aspects of society upon which the vested interests had come to depend, Rome like a sleeping giant awoke. The forces that the aroused empire launched took a terrible toll, with the result being over 6,000 of Spartacus' followers crucified in two lines stretching for over a hundred miles along the Appian Way from Rome to Capua. This was the empire's dramatic way of Making a Point. Those of us who have been concerned about issues of privacy in society have also, until relatively recently, been largely ignored by the vested interests. Privacy rights are by their very nature typically undramatic in their gradual process of decay, and only noticed by the average citizen when end results directly impact individual lives. By then, it's often too late to get the genie effectively back into the bottle. The rise of technology, in the guises of databases, communications (including the Internet), and sophisticated mechanisms for the collecting, integrating, consolidating, and marketing of personal data, have dramatically changed the nature of the game when it comes to privacy. Data that once sat isolated and harmless on dusty index cards forgotten in the back rooms at businesses and municipalities have become "profit centers" and treasure-troves for both marketing and intelligence dossiers. Our systems of laws, still grounded largely in a 19th century view of the world, are ill-equipped to deal with the environment of the 21st century in many respects. As the calls for increased privacy protections have gradually risen over the last few years, warning bells have been ringing in the hallowed halls of both industry and government. Opinion polls show public concerns over privacy rising rapidly. Most of those being polled are potential customers -- and potential voters. Like Rome of two millennia ago, many interests in both the commercial and government sectors have awoken to the risks that such concerns may present to the status quo. And again like Rome, these interests are gathering their own "armies" to battle. It's a war of a different kind, fought with the weapons of money and public relations rather than swords, but the battles are quite real nonetheless. One of the more potent weapons in the arsenal to fight back increased privacy protections is attempts to trivialize both the nature of privacy problems and those persons who sound the alarms regarding privacy concerns. Executive Scott McNealy of Sun Microsystems has asserted that we have zero privacy anyway: "Get over it!" he says. On the other hand, U.S. Federal Trade Commissioner Thomas Leary recently suggested that we have more privacy now than we had a century ago. He likens much of the current privacy debate to "hysteria" -- this from a man whose commission is among the most important involved with protecting individual privacy rights in the commercial sphere within this country. Zero privacy -- or plenty of privacy? That these statements from both of these men are clearly little more than "spin" for public-relations purposes is patently obvious, but spin *is* important in any modern war, especially a war of words. Businesses also have other weapons at their disposal against the "malcontents" who would call for greater privacy. Appeals to the pocketbook always make for a good show. Industry groups, in attempts to derail pending privacy legislation, have begun trotting out studies purporting to detail how many billions of dollars they've calculated increased privacy protections would cost. Those calculations were immediately called into dispute, but perhaps of more interest is the underlying concept, that privacy doesn't matter if it gets "too" expensive to achieve. If this reasoning sounds familiar from another context it should -- it's basically the same financially-grounded argument made by slave owners in the U.S. South against the abolishing of slavery. Diversionary tactics can also play well. If the law requires you to notify customers about privacy policies, you can send out such notices buried in legalize within bill inserts that you know most people will never have the time to study. Since you know that few folks would ever "opt-in" to your data sharing plans, make sure that attempts to mandate opt-in requirements never see the light of day, and bury any "opt-outs" where most people won't find them. Also, do everything you can to avoid having people looking into the details of privacy issues in the first place, by trying to restrain your existing and potential customers within a fabricated "comfort zone" that they won't be tempted to leave. Mechanisms such as P3P (Platform for Privacy Preferences) will serve to help convince Web users that their privacy is being protected, while in reality the system actually makes a bad privacy situation even worse. Governments too are highly skilled at the diversionary game -- especially of the "giveth with one hand and taketh away with the other" variety. A good example of this is taking place in Europe, where ostensibly strong personal privacy laws may be massively undermined. European proposals for vast new government-mandated Internet and other communications data gathering and warehousing, often on a long-term basis for retrospective investigatory analysis and other purposes, could render most other privacy protections largely moot and impotent. However, it wouldn't be fair to assign all of the blame for privacy problems to industry and government. Sometimes those persons pushing the hardest for increased privacy protections inadvertently do the most damage to their own causes. Attempts to portray privacy issues in a one-sided manner, failing to take into account the legitimate concerns of law enforcement, other aspects of government, and commercial concerns when it comes to achieving reasonable balance with these issues, are recipes for failure. For when it comes to the wide range of privacy issues, there *is* a need for balance -- which would take the place of the status quo that has become heavily skewed away from individual privacy concerns. But in our enthusiasm to correct this very real disparity, it's a critical error to assume that skewing the equation fully in the other direction is necessarily an appropriate course. Privacy is but one of the many important issues with which we must deal in society, and we need to take into account the impacts that privacy-related concepts (for example "anonymity" -- to name just one) will have in both positive and negative ways. It's also important that when making our arguments for increased privacy protections we avoid adopting the tactics of our perceived adversaries, and instead attempt to stay on as high an ethical ground as possible. So, if one is going to argue that Social Security Number (SSN) data is too widely available and subject to widespread abuse, it's a highly questionable approach to demonstrate this by publicizing individuals' Social Security Numbers on Web sites, then playing "catch me if you can" with the data moving from site to site. "Practice what you preach" is an old proverb that still has value even today -- to take another course is to undermine the validity of your own arguments, and to provide rhetorical ammunition to persons and groups whom you may oppose on important matters. Those of us who write and speak about privacy issues have long wished for the attention of the "powers-that-be" -- well, now we have it. Privacy issues are among the most important with which we must deal today, but they do not exist in a vacuum. To achieve the laudable goal of increased privacy protections, these issues need to be viewed through the context of society at large, and the privacy battles must be fought ethically within that framework. Failure to follow this course risks not only the loss of improvements in the areas of privacy, but also could set the stage for backlashes which could take us all on a rapid ride in reverse to very dark places indeed. As Spartacus learned and we must remember, there is still lots of wood out there -- and plenty of nails. Be seeing you. --Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org Co-Founder, PFIR: People For Internet Responsibility - http://www.pfir.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:16 PDT