Do You Think Privacy Is Really Dead?
I occasionally post to the Cutter Consortium blog, and the recent topics there have involved privacy.
The viewpoints expressed by some of the others on the Cutter site intrigued, and certainly surprised, me. I've noticed a trend over the past couple of years for a large portion of the CTOs I speak with, along with others who work very exclusively with technology, to express the opinion that the possibility of privacy with current and technology is impossible. Especially the technology vendors, and those technology experts working for them on new software products. I've had some very well-known software CTOs basically laugh as they tell me that privacy is dead, and that technology cannot be constructed to protect privacy.
As you can see from the opinions I've expressed on this blog, such as here, along with the Cutter blog posting I mentioned earlier, I do not believe this at all. I believe that, not only can technology be architected to protect privacy, but if the effort and thoughtfulness is just exerted, that more new types of technologies can be created to add to the current privacy enhancing technologies (PETs) choices that exist, such as encryption.
But what do *YOU* my readers think? I'd really like to know.
So I decided to use a new capability I have to do polling on my blog site! Look to the right of the screen as you scroll down a bit and you will see my very simple poll about privacy. From everything I've seen and researched about this poll capability, there will be no personally identifiable information (PII) collected when you do this, but the general area of where your ISP is located will be noted so that we can see from where in the world our poll participants come.
Please submit your opinion; I really want to know what you think! Am I being too optimistic to think that the majority of people, beyond pure technologists, really do believe privacy can, and should, be built into software and systems?
I'm very interested in getting as many opinions tallied as possible and seeing what a large number of people think; aren't you interested to know also? It's very possible that I may be surprised at what most people visiting my site say about privacy. Of course I won't be able to tell if the respondants are "pure" technologists or not, but hopefully we'll get a good mix of folks.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
Comments
Hi Rebecca,
There are problems with all supposed technological solutions to the privacy issue. For example, one type of scheme has the user store data encrypted, and a server is supposed to reveal only the subset necessary for a transaction, and only with the user's authenticated permission. This relies on the recipients not to put the pieces together, and usually requires the user to trust someone else's servers and closed-source code.
I don't have space here to shoot down other schemes but the point is: it's not a technical problem, it's a political problem. The only thing that will help is a law saying that data collected for a particular transaction may not be used for anything beyond what is strictly necessary for that transaction. This would remove the economic basis of data-mining; companies could no longer benefit from it. Anything else - i.e. hoping for voluntary cooperation - is worthless and meaningless as long as companies can make a profit from trading in information about people.
Posted by: Steve H. | July 29, 2007 4:32 PM
Thanks for your thoughts, Steve.
I know there would certainly be challenges with privacy technologies. And certainly people need to know how to use them to make them effective; and trust is a key component of privacy.
But, even with the challenges, I think it is worth the effort, don't you? The most worthwhile initiatives are often the most challenging. Even if all privacy problems cannot be solved, making noticeable improvements is still important to try for.
The laws you mention are basically already in effect outside of the U.S. In many countries data protection laws require, among other things, that individuals be given notice of how their PII will be used, and the organizations collecting the PII must not use the PII for any other purpose than that for which it was collected. So, U.S.-based organizations doing business in those countries must comply with those requirements now.
That said, I do agree that the U.S. needs one federal law that addresses privacy in a comprehensive, consistent manner for all types of organizations. And yes, this would definitely spur on privacy technology research.
Posted by: Rebecca | July 31, 2007 9:26 AM