Computers, Privacy & the Constitution

View   r2  >  r1  ...
AlexMiddletonFirstPaper 2 - 24 Jan 2009 - Main.EbenMoglen
Line: 1 to 1
Changed:
<
<
META TOPICPARENT name="FirstPaper%25"
>
>
META TOPICPARENT name="OldPapers"
 

The End of Privacy: Bang, Whimper or... Shrug?


AlexMiddletonFirstPaper 1 - 25 Mar 2008 - Main.AlexMiddleton
Line: 1 to 1
Added:
>
>
META TOPICPARENT name="FirstPaper%25"

The End of Privacy: Bang, Whimper or... Shrug?

-- By AlexMiddleton - 25 Mar 2008

Our last class closed with the lament that Eliot Spitzer's downfall was apparently not a "teachable moment." An odd conclusion, given that Spitzer was brought low by advanced data mining as much as his own misdeeds -- a perfect lesson for a class on law and privacy. Instead, the story of SARs and aggressive prosecution fell by the wayside. "He had it coming," we said. We shrugged at the implications for privacy: "Isn't this what the Feds should be watching for?"

This, from a classroom filled with people who recognize we have real privacy problems on our hands, and have spent a semester preparing a taxonomy.

Another week, another data breach; this time, the victims were the three leading presidential candidates whose passport files were browsed by nefarious (or merely curious) employees of the State Department. But this, too, probably will not rise to "teachable moment" status, given that 1) the perpetrators were punished for their minimal damage and 2) even partisan wonks greeted the story with a yawn.

We students know there's a problem, but it seems we've taken Scott McNealy's advice to heart: "You have zero privacy anyway... get over it." More than once, students (myself included) have retreated to "Well, I don't do anything wrong, so I have nothing to fear," even while expressing a generalized concern about civil rights.

So how does one break through the indifference -- for a group of dilettante law students, for an apathetic public? The answer to complacency is not to simply ratchet up the intensity of the dialogue, tempting as it may be. (While blasé arguments can be analogized to those that preceded the rise of fascist states, Godwin's Law counsels restraint.)

Where argumentation fails, exposition may succeed. The most damning (and effective) survey of the state of affairs is Robert O'Harrow's No Place to Hide, a well-researched, well-written, and, well, terrifying look at the erosion of privacy in modern America. No less a voice than William Safire went on record (and, thanks to the publisher, the paperback edition's cover) as saying the book "might just do for privacy what Rachel Carson's Silent Spring did for environmental protection." Thus far, it has not inspired such a reaction. Like Silent Spring, No Place to Hide tracks and explains an endemic, essential problem facing society, but the reception has been far less energetic. What gives?

For one thing, Silent Spring offered a reasonably direct solution to a conceptually simpler problem: cut pesticide use and find replacements, or face the consequences when raptors drop out of the sky. While O'Harrow's book correctly identifies the problems and explores them at length, it offers less in the way of solutions.

A major difference between the two problems as they exist today is the common perception of futility in the fight for privacy -- at least when viewed against the optimism of environmentalists. At its root, the dismissal of the issue is likely less "I don't do anything wrong," and more "I can't do anything about this, so I won't concern myself with it." It is a straightforward application of cognitive dissonance that allows people to enjoy convenient services without pausing to ask themselves what price convenience.

And thus a solution to the apathy presents itself. In order to make privacy a cause célèbre, we must first suggest workable ways to revive it, or at least ways to stanch the bleeding. While an academic discussion of constitutional structures and first principles is crucial at one level, more mundane action is also broadly needed.

Admittedly, there is a touch of the old chicken-and-egg problem with this strategy: do workable solutions beget popular support and knowledge, or the other way around? What can be said conclusively is that even after countless evening news segments on identity theft and other popular disclosure of the problem, change does not seem imminent. This strategy shift may not foment a revolution, but agitating for concrete, albeit incremental, change could vivify the issue.

It is also possible -- though disheartening -- that the privacy movement will not come into its own until the country reaches a breaking point, forced into action by a very public fiasco. This bar, it would seem, is quite high. In 2007, the TJX Companies lost 45.7 million consumer records (including SSNs and drivers license numbers) in a security breach (based on a lack of wireless encryption at one store.) TJX apologized and moved on; so did consumers. Though popular outcry limited the intensity of Facebook's Beacon platform, it shines on as well. More recently, reports surfaced that several major UK ISPs are working with a startup called Phorm, providing complete logs of their subscribers' web activity in order to permit pervasive, targeted advertising (and, of course, increase revenue.)

The dialogue must shift from an endless litany of sins to a discussion of the penance needed for absolution and, yes, purification. An easy starting point for popular discussion is adoption of EU-style data privacy laws, and illustrations of the rights EU citizens have as to their personal data that Americans do not. Along these lines, the many states resisting REAL ID give reason for hope. This, at the very least, shows that improvement is possible, even feasible, and the privacy problem something other than intractable. (Law students, cynical as so many of us are about the prospects and procedures of legislative and regulatory reform, may actually be more reticent than the general public.) Diligent efforts have been made to spread this message, but have reached a limited audience.

To drive the point home: attitudes and laws about privacy make a difference. In the UK, a 2007 data breach involving 25 million child benefit records required an apology from the PM and plans for improved security. In the US, in 2006, a laptop stolen from a Department of Veterans' Affairs contractor contained records of 26.5 million beneficiaries. The VA covered up the loss for several weeks, then downplayed the significance. Americans shrugged.

We didn't always. And we don't have to now.


Revision 2r2 - 24 Jan 2009 - 21:51:29 - EbenMoglen
Revision 1r1 - 25 Mar 2008 - 03:08:45 - AlexMiddleton
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM