Security and Privacy in a Networked World/Privacy from different angles: Now and then
The old-timers had it easy
Before the days of hi-tech, privacy was rather easy to obtain - one had to go away from others and just keep an eye out for stalkers. Things went more complicated as distance increased - things like intercepting couriers, secretly opening letters, decoding secret messages etc existed long before IT. Today, we have uni- and bidirectional microphones, parabolic antennas, laser interferometres and other fancy stuff - and privacy is rapidly disappearing.
"Everything you say can be used against you"
In times of old, it was really difficult to capture uttered words - the only way was to set a word against another (e.g in a court of law). But after a while, they started to be written down. And then secretly recorded (at first in writing, later in sound).
In ancient Jewish laws, there were prescriptions for privacy of home, e.g. building one's neighbour-facing window at least four cubits away (higher or lower) from his window; in addition, the law prohibited snooping at others. Later legal system introduced
- right to autonomy, i.e. being left on one's own
- right to control information about oneself
- right to keep secrets and forward them in a controlled manner
- right to solitude, intimacy and anonymity
Privacy is also separately mentioned both in the Universal Declaration of Human Rights from 1948 and the International Covenant on Civil and Political Rights from 1966 (interestingly, the U.S. only adopted it in 1992). Yet when we look at the situation in today's world, most of the points above are to be taken with some reserve.
The perception of privacy also depends on cultural context and traditions - e.g. in Japan, people are used to live in a compact manner (due to long history of dense population), for someone used to sparse population and a lot of personal space (e.g. people from Nordic countries) it may feel as a privacy violation. In some cases, privacy is limited also by
- the person's own choice (e.g. celebrities)
- comfort (e.g. internet banking - while handy, it requires identification to be used)
Privacy and Internet
Looking at the history of Internet, we can distinguish several stages which also brought along different levels of secrecy:
- military network - top secret
- research network - some secrets
- education and NGO's - not many secrets (the "lost golden age" for some)
- business (starting from 1991) - some secrets again
- everyone (the Age of Facebook) - personal information
There is a paradox regarding online privacy - on the one hand, it makes impersonality and pseudonymity (in some cases also anonymity) much easier to achieve. On the other hand, there is always a risk of interception and surveillance - and there is no way to be certain (as intercepted/snooped information does not generally differ from its "pure" form, or the differences are difficult to find). Thus, privacy on Internet is a bit like the Great Ring in Tolkien's "Lord of the Rings" - it turns the wearer invisible, but can betray him/her at the worst moment... And Internet knows a lot of Isildurs.
My home is my castle
Privacy in any medium must have two qualities:
- authenticity - the message really comes from the source it claims to be originating from
- integrity - the message arrives in exactly the same form as it was sent, it has not been tampered
Compared to traditional (physical) privacy, the online setting has the following:
- the situation is harder to control
- mostly hindsight
- everything will be used against you - directly or indirectly, right now or years later (most people do not envision running for Parliament in ten years, but some of them actually will)
- identity theft is easier, the consequences can be even more dire than before
- legal protection is weaker - legislation is reactive and conservative by essence, technology in contrast is dynamic and sometimes foolhardy; thus legislation tends to fall behind in nearly all aspects of information society (especially evident in the "intellectual property" issues).
Many problems stem from privacy becoming a source of business. From very early days, there have been two camps:
- those who live on maintaining privacy (bodyguards, network administrators)
- those who live on violating privacy (spies, thieves, spammers)
And cooperation between these (playing over the head of the unsuspecting target) is not unheard of.
An example of the human factor is a well-known political scandal in the White House. The main heroine phoned to a coworker who secretly recorded the calls. In this case, added security to the channel would likely have had adverse effect - the sense of security would probably have resulted in an even more open talk that the real "leak" at the other end would have quickly made use of. Similar things are often seen in online communication as well.
It should be noted that collecting information is neutral by itself - but its use may have a very different outcome. For example, a person's health history can be used by
- his/her doctor - nobody would really object
- a large company unrelated to health services (e.g. a mobile provider) - many would shrug "what would they need it for?", but some will definitely be concerned
- a bank - may result in denying a loan or having worse conditions than others due to "perceived larger risks"
- advertisement agencies - can result in strange situations like this: http://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/
- spammers - like the previous, but in even more obnoxious manner, and can also connect to the next category
- scammers and other criminals - a despicable fact is that most large disasters (e.g. Fukushima) breed a large number of scam schemes trying to make money on people trying to learn about their loved ones nearby. Alas, one's health history can be a good starting point too.
Internet has two qualities that are the main source of concern here:
- it allows surveillance of others without them knowing, and
- to collect, process and store increasing volumes of information over increasingly long periods
Privacy is largely an agreement between consenting adults. The reality of Internet is however different (if the chairman of a well-known company claims that there is no such thing as privacy...). The result is constant struggle between freedom and security instead of them cooperating to find a point of balance.
Links and additional reading
- http://halakhah.com - Babylonian Talmud (Jewish Law) in English
- http://www.un.org/en/documents/udhr/ - The Universal Declaration of Human Rights 1948
- http://www.state.gov/j/drl/rls/irf/2008/108545.htm - International Covenant on Civil and Political Rights 1966
Study & Blog
- Study published cases of incidents related to Internet privacy and describe three most enlightening ones (for you).