Return-Path: <sentto-279987-4774-1023369059-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 06 Jun 2002 06:15:08 -0700 (PDT) Received: (qmail 4567 invoked by uid 510); 6 Jun 2002 13:11:23 -0000 Received: from n39.grp.scd.yahoo.com (66.218.66.107) by all.net with SMTP; 6 Jun 2002 13:11:23 -0000 X-eGroups-Return: sentto-279987-4774-1023369059-fc=all.net@returns.groups.yahoo.com Received: from [66.218.67.194] by n39.grp.scd.yahoo.com with NNFMP; 06 Jun 2002 13:10:59 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_3_2); 6 Jun 2002 13:10:58 -0000 Received: (qmail 93589 invoked from network); 6 Jun 2002 13:10:58 -0000 Received: from unknown (66.218.66.216) by m12.grp.scd.yahoo.com with QMQP; 6 Jun 2002 13:10:58 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta1.grp.scd.yahoo.com with SMTP; 6 Jun 2002 13:10:57 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g56DDvF21351 for iwar@onelist.com; Thu, 6 Jun 2002 06:13:57 -0700 Message-Id: <200206061313.g56DDvF21351@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 6 Jun 2002 06:13:57 -0700 (PDT) Subject: [iwar] [fc:Privacy.vs..Security:.A.Bogus.Debate?] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Spam-Status: No, hits=2.3 required=5.0 tests=SOCIAL_SEC_NUMBER,DIFFERENT_REPLY_TO version=2.20 X-Spam-Level: ** BUSINESS WEEK ONLINE JUNE 5, 2002 SPECIAL REPORT: NEW THREATS TO PRIVACY Privacy vs. Security: A Bogus Debate? Author of The Transparent Society, David Brin says what's needed are rules and tools to let citizens "watch the watchers" David Brin is a privacy heretic. He doesn't agree with those in the intelligence and law-enforcement communities who argue that Americans have to surrender freedoms to make their lives safe. Nor does he agree with advocates who argue that it makes sense to protect privacy at all costs -- certainly not if it means living with added insecurity. As Brin sees it, security and privacy shouldn't be construed as rivals: Instead, he says, everyone will be safer if the government knows a lot -- within reason -- about its citizens, and if Americans know a lot more than they do now about how the government uses their information. Brin may be provocative, but he's not crazy. A PhD in space physics and sci-fi author, Brin argues that security is advanced by openness rather than secrecy. Many of his views are laid out in his 1998 book about privacy The Transparent Society. The march of increasingly intrusive technology is unstoppable, he reasons, so why fight it? FLASHLIGHTS FOR ALL. Rather, Brin would give everyone access to the same information, at least most of it. "We can stand living exposed to scrutiny, if in return we get flashlights of our own that we can shine on anyone who might do us harm," he argues. Brin's views have earned him the ire of mainstream privacy advocates. No wonder. He calls them ideologues and says they failed to fight for important oversight of new powers Congress awarded the Justice Dept. after September 11. At the same time, though, he thinks that if Attorney General John Ashcroft wants to know more about individual Americans, they should have the right to know a lot more about his methods -- much as the country ultimately learned about the machinations of legendary FBI Director J. Edgar Hoover. On May 29, Brin spoke with BusinessWeek Online technology reporter Jane Black about how privacy and security could work hand-in-hand -- and ways to ensure they do. Edited excerpts from that conversation follow: Q: Privacy is always discussed with the idea that, in order to have it, there has to be a trade-off for security. You don't believe this is true. Why? A: It's a devil's dichotomy: false and unnecessary, but widely promulgated since September 11. Look at the actual events on that tragic day. The only measures that thwarted our enemies and mitigated the harm were taken by private individuals. All the important video footage, all the vital cell-phone calls that started the evacuation, were made by private citizens. The rebellion on United Flight 93 [which crashed in Pennsylvania]. The debunking of hoaxes [was] an unsung contribution during the week that followed. All these important measures were taken by a huge ensemble of individuals who had access to information and the rapid means to share it. I won't denigrate our professionals. They protected us before that day, and they are doing their best now. But failure happens. They failed on September 11...and notice how civilians leaped to fill in. It points out the stupidity of relying on just one method of error-detection and harm-prevention. The 20th century was one long, monotonic increase in the degree to which citizens rely on paid professionals -- to grow food, to provide means of life, and to protect them from harm -- and that trend simply can't go much further. I'm not saying that professionalism won't improve. It must. But the complex problems that we're facing will overwhelm any hypothetical level of professional competence. Our only hope is to supplement professionals with a skilled, fiercely independent, and keen-eyed citizenry. Q: Why, then, is there a widespread belief that the opposite is true? A: On the airwaves, we keep seeing these staged confrontations between some civil libertarian and a security expert, screaming like pro wrestlers. The security expert says, "We must get used to surrendering traditional freedoms to make life safe for our children." The civil libertarian howls back, "We must all courageously endure a certain amount of insecurity for liberty's sake." What happens when the camera goes off? They give each other high-fives for a great entertaining riff -- and all the consultancy and speaking engagements pouring in. Meanwhile, they're spreading a poison: the concept that we must choose between two vital things. Nobody tells me I must choose between safety for my children and their freedom. It's a nonstarter. Q: So how do we redefine privacy? A: We have to think about protecting data that can cause harm, rather than about protecting all data. We desperately need a core of privacy, but that word will be redefined year by year by agile citizens. We'll learn to pick and choose a few secrets. What salad dressing you bought will wind up being as open and public as the color of the sweater you wear on the street. And you'll care about it as much. Common citizens are more sensible than elite privacy activists, who sneer at the public for using supermarket club cards [in return for which they have to reveal a lot about themselves]. "They're surrendering their sacred information," [the privacy advocates argue]. But people aren't clueless. They know the supermarket is correlating their purchases in order to decide which coupon to give them. They choose not to consider that harmful. Shifting the discussion from pure ideals to a scale of harm would let us focus on a range of pragmatic choices -- which secrets to hold onto and which aren't worth the effort. But purists don't see it that way. Q: So what should be private? A: Information that can cause harm. The secret location of the shelter for battered wives, psychiatric records, or medical records that could bias someone against you. The trade-off is always that someone else may need the information in order to legitimately hold you accountable. Moreover, anyone in a position of power over others should be held to a higher standard of scrutiny. Elites traditionally try using power and influence to escape accountability. It's human nature. No need to be angry about it. We do need to prevent it. The interesting thing is that our culture is already tuned to this wisdom. The most common message in all popular entertainment is suspicion of authority. Name a popular film in the past 30 years where the hero didn't bond with the audience by sticking it to some authority figure. We differ mostly in which authority we dread -- government, aristocracy, corporations, criminals, intellectuals. But notice the shared pattern. It has kept us free. Q: Making most information available to anyone and everyone is scary, though. I always think about a scene in William Gibson's novel Neuromancer, where a man is walking down the street and passes a pay phone. It rings, and it's for him. He doesn't want to talk, so he hangs up and keeps walking. He passes another pay phone. It rings -- and so does the next one. Is this unrealistic? More important, is it dangerous? A: Everybody assumes Big Brother will have the worst kind of transparency, the kind that works in his favor, one-way transparency. We're tuned to worry about that. Few pundits notice that we've already found the answer -- make the telescreen look both ways. If those sneaky people chasing that man down the street were subject to his own counterscrutiny -- and civil penalties that he could enforce for harassment -- that's more effective than passing some futile [privacy-protection] law. You won't ever stop elites from seeing you. But recent history proves that you can look back. Q: How? That's the problem. People feel powerless. A: We look back all the time. We have open-meeting laws and class actions. We have the Freedom of Information Act and adversarial legal disclosure. It's almost instinctive in our system. When professionals ask for more information, we demand that they strip a little more naked. We stripped the most powerful man in the world [Bill Clinton] down to his underwear a few years back. Some on the radical right didn't like the way we punished him, with a yawn and a wrist-slap. But that's the people's privilege. What's important is that citizens went along with the relentless search for facts. Only later did they decide to yawn. Q: Has the American public responded appropriately since September 11? Have we demanded enough oversight? A: We didn't panic. And [Attorney General] John Ashcroft seems to understand that. He asked for a only few, incremental new powers. But notice, he didn't offer any increased accountability in exchange. Nor is it his job to say, "in return for these new powers of sight, I'm going to strip a little more naked." It's our job to demand more oversight, to make sure that the telescreen looks back at Big Brother. Our advocates let us down this time. All they did was futilely rail against Ashcroft. When he stepped over their line in the sand, they retreated and drew a new line. That's not what works. What works is to dangle new eyeglasses in front of the Attorney General and say: "You don't get these until you strip. Go ahead, strip." We need more insight into how and when the government uses its new power. We need more accountability. Q: How do we implement oversight? A: There are so many possible ways. Here's just one: give us an autonomous Inspector General of the U.S. Today, the inspectors in each Cabinet department report -- and owe their jobs -- to the people they are supposed to watch. The IG should be its own dedicated corps, like a public health service or Coast Guard, with real oaths and a fierce code of conduct. That's just one way we could demand to see better [what others know about us]. To watch the watchers. The truth is, our professionals may honestly need to see a whole lot better right now. We shouldn't refuse them important tools or assume that our freedom depends on government blindness. What we do need is to keep reminding government that it's a dog we own. Not a wolf that owns us. You don't do that by blinding the dog. You supervise. You keep it on a choke chain. Q: What other legislation do we need to make this happen? A: Tell banks to stop using our Social Security numbers as passwords. Since you cannot change it, the SSN is intrinsically a name, not a password. All possibility of it harming us would go away if banks stopped this inane practice. Alas, the legislation that's proposed [such as Senator Dianne Feinstein's (D-Calif.) Social Security Number Misuse Prevention Act of 2001] goes in the wrong direction, banning the SSN as a unique, universal identifier. Q: In your book, you talk about the illusion of privacy. Is society's inaccurate belief that privacy really exists holding us back from finding innovative ways to protect our personal information? A: Let me emphasize again: Without some privacy, we couldn't stay human. But we'll be better equipped to defend a core of essential privacy if our overall civilization is open enough to let us catch the Peeping Toms and power abusers. Better, more intrusive technology is going to limit our [ability to stay anonymous]. In 5 or 10 years, you'll have eyeglasses that scan any face on the street, look it up on the Internet, and provide captions as you walk by. This will be a return to the village of our ancestors, where they recognized everyone they saw. No one will be a total stranger. Chilling? Yes. But should we try to ban this technology? No. That would only limit it to some elite -- whichever elite you happen to fear. Then, someone passing you on the street will glance at you and break out laughing, and you'll know they can see you, really see you. And you won't be able to look back. The village is returning, alright. But we may still decide which kind. Is it a benign village that appreciates eccentricity and diversity? One where all elites have to watch themselves and avoid abusing power? Will it be the good village of the Andy Hardy movies, where no one is neglected and no one has to conform? Or will it be the bad village of Babbitt, dominated by secret patricians and citizens who are cowed by busybody gossips? Technology seems to foretell a world village, whether we like it or not. But we still can choose which kind. ------------------------ Yahoo! Groups Sponsor ---------------------~--> Tied to your PC? Cut Loose and Stay connected with Yahoo! Mobile http://us.click.yahoo.com/QBCcSD/o1CEAA/Zr0HAA/kgFolB/TM ---------------------------------------------------------------------~-> ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT