Computers, Privacy & the Constitution

Questions and Discussion


Privacy Guarding Post Office?

Even though the 4th Amendment is pretty much dead because it gives no protection to identities, Eben mentioned that savvy individuals could overcome or evade the invasion of privacy through methods of self-created privacy and pseudonymity. When it comes to purely digital exchanges in the network society, these tools include encryption and the like, but is there a ready analog to prevent the linking of network and physical-world activities? Obviously, if digital cash had succeeded, it would be much easier to de-link one’s online and offline activities, since credit card information and shipping addresses (in the case of online shopping) can be accessed with a subpoena blank.

However, would it be possible to establish something like a private post office/purchasing agent? For the sake of this example, let’s call it the Privacy Guarding Post Office (PGPO). The idea would be that customers would put money in an anonymized account (through some simple encryption) that would generate temporary credit card numbers for use online (and probably with the PGPO listed as the purchaser for credit reasons), such that any tracking would only lead back to the PGPO, which would retain no personal data whatsoever. Any products that would be shipped to customers of the PGPO would be mailed to a "P.O. box," again determined through encryption methods and possibly re-routed internally or from office to office to further anonymize the pattern of delivery. Ideally, such a system would be engineered such that the PGPO retains no knowledge of the customers' identities or the contents of their activities.

In terms of weaknesses, I anticipate that there could be significant transaction costs that might make the service too expensive to attract a sufficient customer base to meet even its fixed costs of operation. After all, as Google has readily shown, people don't mind selling their rights for a nickel. However, if there are enough people who value their privacy, that might not be the biggest issue. The more likely weakness is that such an institution would drive the state (and especially national security people) insane, and the institution would not survive the need to inspect the contents of delivery (for fear of terrorism and child pornography—after all, why else would you use such a service?). Of course, the last point is precisely why the 4th Amendment is probably going to stay dead: the exceptions have swallowed the rule.

-- RickSchwartz - 16 Feb 2009


A New National Security Exclusionary Rule?

My last question implicated the rule-swallowing exception of "national security" as a justification for unlimited state access to any and all data it chooses to request. Given the political power behind this impulse and the calibration of the 4th Amendment to places, rather than identities, that exception seems likely to remain the real rule. Now, this may be nothing more than extremely wishful thinking, but one potentially politically feasible way to blunt the force of the exception might be to officially grant the state as much access as is necessary to achieve its national security objectives (since it would take that access anyway), but require the sequestration of all of that data within the national security agencies (a sort of reverse silver platter rule). This would require some form of legislation, possibly justified by the need for data integrity within that agency or a compromise for privacy (which liberals sometimes pay lip-service to before retrenching on their promises), such that there is an exclusionary rule once the data has been collected for national security reasons. Essentially, if the state chose to collect data for national security, it couldn't hand over that data to law enforcement personnel or use it in any other contexts, and any such data that could be shown to have been collected for national security would have the presumption that it was derived from that collection and therefore inadmissible as evidence. Such a rule would also encourage the state to be a lot more selective about which data it collects for fear of undercutting its other law enforcement objectives.

Of course, mere inadmissibility into evidence is not going to blunt the full potential force of data that has been collected, since the state can threaten autonomy without even reaching proceedings requiring the introduction of evidence. Furthermore, there would be little to no transparency to determine whether or not information sharing is actually occurring between federal agents, or whether the law enforcement personnel are getting "tips" from the national security personnel. And given Congress' willingness to sanction the invasion of privacy in the face of public outrage, it seems unlikely that such legislation would pass any time soon.

-- RickSchwartz - 16 Feb 2009

Some combination of prepaid visa gift cards purchased with cash and P.O. Boxes should be relatively effective at decoupling your online purchasing activities, no?

I like the idea of sequestering information obtained for national security purposes. But, as you acknoledge, even if that data can't be admitted during court proceedings or used for other official government adjudication, there are many ways in which it can still be misused. I think my biggest concern is that the data can be analyzed and then used to influence/nudge you towards making decisions that tend to benefit the established holders of power in ways that are not readily detectable. Spreading misinformation through social networks by identifying the most persuasive individuals within one's group of friends, for example, and bribing/threatening them so they become agents in the misinformation scheme. The scariest loss of autonomy is the kind that is least salient to the victims. That's what mass data collection and data mining enable.

-- AndreiVoinigescu - 17 Feb 2009

I vaguely remember Professor Mann saying that the reason why prepaid cards, etc. are not nearly as popular in the US as they are in other countries is precisely because the US government has squelched them at every opportunity. The DOJ did recommend putting more restrictions on prepaid cards within the Violent Crime and Anti-Terrorism Act proposed in 2007 (basically requiring you to fill out a report if you carried more than 10k on your card across the border), and probably other legislation I'm not aware of. Money laundering trumps privacy around here. So good luck with that as your privacy solution.

I think the exclusionary rule would be important in the confines of a trial, but I'm hesitant to say that no information sharing should ever occur. If I'm not mistaken, it was precisely that sort of Chinese Wall (Screen) that was later blamed for 9/11 and led to the establishment of the Dept of Homeland Security because agencies were not effectively communicating and were creating turf wars. I would say that this is still a problem. Example: When my dad went to get a security clearance from the Dept of Homeland Security, he was told they didn't have papers confirming his citizenship and asked HIM to send it to THEM. Problem? I think so. What that means is that if my dad gets questioned for anything one day, he could face who knows how long in some immigration detention facility (or worse) all because these fools can't even keep citizenship records straight.

-- KateVershov - 21 Feb 2009


Do We Need a New Internet?

I don't know if people saw John Markoff's article, "Do We Need A New Internet?" in this weekend's NY Times, but I thought it was an interesting piece. Though not completely on topic (in terms of our discussion of the Fourth Amendment), it raises some interesting issues and questions that are worth thinking about. I'm interested to hear what people have to say about it.

-- AlexLawrence - 16 Feb 2009

I see the push for a New Internet more in PartOne terms than in PartFour terms: as an attempt to undo the gains in anonymity allowed by the Old Internet (with their positive and negative consequences).

-- DanielHarris - 17 Feb 2009

The threat from malware and botnets is definitely real and growing. It's facilitated in equal parts by anonymity and the public's general ignorance about the pedigree posed by the code they run on their computers, which (thankfully) remain open platforms. Jonathan Zittrain has proposed some potential approaches to dealing with malware that try to preserve the benefits of anonymity and open platform. While I think there's a certain element of romanticism to some of his proposals, he's probably asking the right questions. It's too early to throw in the towel on the substantial positives of anonymity and open platforms.

-- AndreiVoinigescu - 17 Feb 2009

My problem with this proposal is that it promotes the misconception of "the Internet" as some physical thing that can be used or changed, when I think we all understand by now that "the Internet" merely stands for the set of social conditions whereby instantaneous communication between any two computers is possible without intermediation, made possible by the universality of communication via TCP/IP and other protocols. There is simply no way to discard this set of social conditions now that the tools exist to implement them somewhere. What might occur is simply a permutation of the trend of consumers conceding freedom in exchange for of perceived security, which will take the form of closed and opaque protocols, kept secret and proprietary so that people will be "safe" from malware. It will likely be an inferior product, collect untold amounts of private data, and further lock consumers into whatever service offers it first.

-- RickSchwartz - 17 Feb 2009

Rick - I don't know if the terminology point is so important though. It is very useful to talk about the Internet as a social condition, as Eben does; however, this article is using "the Internet" to refer to the physical structures and protocols that make the social condition of the Internet possible. I don't think this is wrong, though it is confusing. We really need two different terms; however, until we come up with better language, I don't feel like it is useful to say that the word can only mean one thing. We clearly need a word for the latter, and that word is currently "Internet," which is unfortunately the same as the common word "Internet."

-- TheodoreSmith - 22 Feb 2009

 

Navigation

Webs Webs

r5 - 22 Feb 2009 - 16:43:19 - TheodoreSmith
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM