October 5, 2024

"Accidental Privacy Spills"

Don’t miss James Grimmelmann’s essay of that title over at LawMeme. The essay tells the story of how an email that journalist Laurie Garrett sent to a few friends leaked out gradually onto the Internet, and reflects on the implications of this kind of leak.

Privacy Technology vs. Privacy Laws

Politech reprints an anonymous, somewhat overheated essay arguing for a technology-only approach to privacy, as opposed to one based on laws. It’s easy to dismiss an essay like this just because of its obnoxious tone. But we should be skeptical of its ideas too.

Certainly, we ought to use privacy-enhancing technology when it is available, and we should try to figure out what we can do technologically to keep information from falling into the hands of people we don’t trust.

The problem is that out here in the real world we often do have to hand over information in order to live our lives. I have to tell my doctor about my health; and I have to tell my pharmacy about my prescriptions. How am I to keep my medical information out of the wrong hands? A law might help.

Even the most basic rights of citizenship cannot be exercised without disclosing information. To vote, you have to tell the government where you live, and you have to show them ID (which means you have to disclose more information to an ID-issuing agency). If you buy land, that land holding is a matter of public record, along with the price you paid for it.

And what about taxes? The tax authorities require you to disclose all sorts of information about your finances, including any anonymous offshore accounts you might have. Unless you lie to them, they’ll find out everything. And lying is, to say the least, problematic. First, there’s a chance of getting caught. Second, you have, or ought to have, moral qualms about lying. Third, underreporting your income is unfair to your fellow taxpayers (or at least the honest ones) who will end up paying more because of your lie. Fourth, if many people lie, this will trigger an increase in invasive auditing and enforcement activity, which raises new privacy problems.

Now maybe we should have a tax system that requires less disclosure. Probably the author of the essay would think so. And how are we going to get such a system? By passing laws, that’s how.

In fighting for privacy, we need to hold technology in our left hand and law in our right. We can’t afford to fight the battle one-handed.

Tech Provisions in Homeland Security Bill

Orin Kerr, over at the Volokh Conspiracy, summarizes some tech-related provisions in the new Homeland Security bill.

The bill changes the sentences that can be assessed for some computer crimes. The effect of these changes is unclear but will likely be small. The widely discussed life-sentence-for-hacking provision applies only in cases when the crimes deliberately or recklessly kill people; but such crimes are already punishable under state murder statutes. There is also an increase in the penalty for intruding into people’s email.

The bill also makes some changes in wiretap law, granting more power to law enforcement. I won’t attempt to further compress Kerr’s already-compressed explanation; read it yourself if you’re interested.

UPDATE (12:49 PM): Ted Bridis points out that the life-sentence-for-hacking provision applies even to attempts to kill people. This might in some cases allow prosecutors too much leeway.

Wireless Tracking of Everything

Arnold Kling at The Bottom Line points to upcoming technologies that allow the attachment of tiny tags, which can be tracked wirelessly, to almost anything. He writes:

In my view, which owes much to David Brin, we should be encouraging the use of [these tags], while making sure that no single agency or elite has a monopoly on the ability to engage in tracking. Brin’s view is that tracking ability needs to be symmetric. We need to be able to keep track of politicians, government officials, and corporate executives. The danger is living in a society where one side can track but not be tracked.

Kling’s vision is of a world where nearly every object emits a kind of radio beacon identifying itself, and where these beacons are freely observable, allowing any person or device to take a census of the objects around it. It’s easy to see how this might be useful. Whether it is wise is another question entirely (which I’ll leave aside for now).

One thing is for sure: this vision is wildly implausible. Yes, tracking technology is practical, and may be inevitable. But tracking technology will evolve quickly to make Kling’s vision impossible.

First-generation tracking technology works by broadcasting a simple beacon, detectable by anyone, saying something like, “Device #67532712 is here.” If that were the end of the technological story, Kling might be right.

Like all technologies, tracking tags will evolve rapidly. Later generations won’t be so open. A tag might broadcast its identity in encrypted form, so that only authorized devices can track it. It might “lurk,” staying quiet until an authorized device sends it a wakeup signal. It might gossip with other tags across encrypted channels. Rather than being a passive identity tag, it will be an active agent, doing whatever it is programmed to do.

Once this happens, economics will determine what can be tracked by whom. It will be cheap and easy to put a tag into almost anything, but tracking the tag will be impossible without getting a cryptographic secret key that only the owner of the object, or the distributor of the beacon, can provide. And this key will be provided only if doing so is in the interest of the provider.
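To make the contrast concrete, here is an added sketch (not from the original post or from any real tag product) of an open first-generation beacon next to a keyed one that only a holder of the tag's secret can resolve. It swaps in an HMAC over a fresh nonce where the text says "encrypted"; the function names, key values and 8-byte nonce / 16-byte MAC layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

NONCE_LEN, MAC_LEN = 8, 16  # assumed wire layout: nonce || truncated MAC


def plain_beacon(tag_id: int) -> bytes:
    """First-generation tag: the identity itself, readable by any listener."""
    return b"Device #%d is here" % tag_id


def keyed_beacon(key: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Later-generation tag: a fresh nonce plus a MAC over it under the tag's key.

    Every broadcast looks different, and the tag id never goes on the air.
    """
    if nonce is None:
        nonce = secrets.token_bytes(NONCE_LEN)
    mac = hmac.new(key, nonce, hashlib.sha256).digest()[:MAC_LEN]
    return nonce + mac


def resolve(beacon: bytes, known_keys: Dict[int, bytes]) -> Optional[int]:
    """Reader side: return the id of the tag whose key explains the beacon."""
    if len(beacon) != NONCE_LEN + MAC_LEN:
        return None
    nonce, mac = beacon[:NONCE_LEN], beacon[NONCE_LEN:]
    for tag_id, key in known_keys.items():
        expected = hmac.new(key, nonce, hashlib.sha256).digest()[:MAC_LEN]
        if hmac.compare_digest(mac, expected):
            return tag_id
    return None  # no key we hold matches: the tag stays anonymous to us


if __name__ == "__main__":
    owner_key = secrets.token_bytes(32)        # constructed sample key
    authorized = {67532712: owner_key}         # reader given the key by the owner
    outsider = {1: secrets.token_bytes(32)}    # reader holding only unrelated keys

    print(plain_beacon(67532712))              # anyone can read this
    first, second = keyed_beacon(owner_key), keyed_beacon(owner_key)
    print(first.hex(), second.hex())           # two sightings that do not match
    print(resolve(first, authorized), resolve(first, outsider))
```

The sketch covers only who can identify a tag from what it broadcasts; replay protection and how the owner hands out keys are left out.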

It’s interesting to contemplate what kinds of products and services will develop in such a world. The one thing that seems pretty certain is that it won’t be the simple, open world that Kling envisions.