Friday, June 09, 2006

A Gene Article

Volume 18, Number 4, The CPSR Newsletter Fall 2000
Is 1984 Really History?
by Gene N. Haldeman

Panel Three, entitled, "Is 1984 Really History?", included Paul Schwartz from the Brooklyn Law School, Andrew Shen of EPIC, and Simson Garfinkel, author of Database Nation.

Paul Schwartz began by suggesting that we, Computer Professionals, are the single most important group in preserving electronic privacy. He quoted Lawrence Lessig: "Code is law", and in essence, we are the ones who are in charge of the code. We are the ones who make the decisions about technical configurations and system setups. We have a great deal of influence over what software is used. He offered this analogy for privacy violations: it is easy to steal a bicycle, but very difficult to steal a skyscraper, and we have the choice to make our own systems like bicycles or like skyscrapers.

He then mentioned a new arrival on the technology scene, P3P, and compared it to a "CyberJeeves", working on our behalf by negotiating our privacy requirements with a website's desire to collect information. This is a good thing, if it really works in the client's favor.

With all kinds of new electronic gadgets on the market, it's hard sometimes to recognize when something will violate one's privacy. Cell phones have been used for tracking purposes for years; it's natural for the police to use them in that way for the technology is built in -- the cell phone won't work unless the satellite can pinpoint the location of the phone. There's a trade-off involved; we give up that bit of privacy in order to have the convenience and utility of the phone. Also, there are times when the tracking capability could be very useful -- after a car accident in the middle of nowhere, for example, it could get an ambulance to you much quicker. We have to ask how that technology should be used and set boundaries.

How do we formalize privacy within companies? CPOs are a start, as are Privacy Boards of Advisors, but they can be co-opted. There needs to be external scrutiny, which means there must be legal rules. We need to constantly reassess technology as it relates to the social context.

He mentioned Neal Stephenson's "Blinking 12" on the hard-to-program VCRs of the 80's. (The solution, of course, was to cover the blinking 12 with black tape, so you couldn't see it.) Schwartz pointed out that with new technology, including VCRs that actually poll TV stations for the correct time, and other better firmware programming, newer VCRs don't do that any more. But P3P and the other new technologies to come will have their "Blinking 12" syndromes as well, and we would do well to avoid covering them with black tape and instead educate ourselves and seek other resources to solve these problems as they come along.

Our second panelist was Andrew Shen, of EPIC.

He pointed out that privacy has become a mainstream social issue. In Wall Street Journal and ABC polls, it ranks the highest of Americans' concerns, 25%, above poverty, overpopulation, depression. Harris polls show privacy concerns higher than healthcare, crime and taxes.

Shen spoke of identity theft, and gave a short description of the problem -- your credit card application is stolen from your mailbox, and the thief uses your name and his own address, receives the credit card, uses the credit card as ID to get other credit, and all this is done within a day -- you don't know about it because the bills never come to you.

The US Postal Service says that this happens to 50,000 people per year, and causes 745 million dollars in losses.

Trans-Union, the credit reporting agency, received 35,000 complaints of identity theft in 1992, and 500,000 in 1997 (and an expected 700,000 this year.)

The number of calls to 1-887-ID-THEFT has doubled since March of this year.

On average, it takes 175 hours for the identity theft victim to clear his or her records, and costs him/her $808.00 out of pocket.

The good news is that the Congressional Privacy Caucus is broad-based in its support; left, right and center politicians are involved. Al Gore has specifically stated that he wishes to "protect Social Security numbers" which have been misused as personal identifiers for years, despite the fact that that was not the original intent of said numbers, and Gov. Bush has said that he will "look very closely at privacy matters."

Shen's bottom line was that our representatives are very aware that we are concerned about privacy issues, so it's important to contact our local politicians, our congressional representatives and senators, find out their stands, and then, most importantly, to vote for those who may act on these issues.

The third Panelist was Simson Garfinkel, author of Database Nation. Garfinkel stated that he had thought he was asked to be here to speak about Marc Rotenberg, so he took a few moments to mention how Marc had helped him out. Garfinkel pointed out that privacy was a national concern in the 60's and 70's, bringing about 5 Congressional hearings on the matter. But laws were not passed. The law could be quite simple: Collected personal data could not be used for any purposes other than what it was intended for.

But other issues crept in and stole our attention away from the privacy issues. Cryptography, the Clipper chip, the Exon bill, the CDA took the attention away from the privacy concerns. They're all gone now, but the privacy issue remains.

Garfinkel says that the emphasis on internet privacy is masking the greater problem, which is privacy IN GENERAL. The same problems exist offline as online. Things like Carnivore are natural extensions of the use of technology in wiretapping which we, as a society, have accepted as allowable for law enforcement. His take is that there are more productive things we can be doing about privacy in general.

Garfinkel pointed out how there was much uproar about cookies, but very little has been said about web-bugs -- the tiny pixel-sized pictures you never see when browsing that can send information anywhere. This kind of spyware is not as noticeable, so it doesn't promote an outcry; but for that very reason it is much more insidious. It is a superior tracking device in that it generally goes unobserved.

Using a cell-phone to track someone, likewise, is observable, and may cause an outcry, but newer technologies, such as face recognition, will not be noticed, and this technology is just about ready to be used now.

Garfinkel pointed out how fraudulent information about companies' internal affairs has recently manipulated the stock market. ID theft is only in its infancy. Some of the worst examples may be yet to come, including reputation attacks that could cost people more than just money.

Garfinkel's bottom line is that laws must be passed to protect data from being used for any purpose other than that for which it was collected, unless it has the express consent of the person who OWNS that information. Which SHOULD be you and me.

© Computer Professionals for Social Responsibility P.O. Box 717 Palo Alto, CA 94302-0717 Tel. (650) 322-3778 Fax (650) 322-4748 webmaster@cpsr.org

1 Comments:

Blogger Josiah said...

if only Gene could've seen: the NSA

8:45 AM  
