Solzhenitsyn Quote on Data and Privacy

As every man goes through life he fills in a number of forms for the record, each containing a number of questions . .. There are thus hundreds of little threads radiating from every man, millions of threads in all. If these threads were suddenly to become visible, the whole sky would look like a spider's web, and if they materialized as rubber bands, buses; trams and even people would all lose the ability to move, and the wind would be unable to carry torn-up newspapers or autumn leaves along the streets of the city. They are not visible, they are not material, but every man is constantly aware of their existence.... Each man, permanently aware of his own invisible threads, naturally develops a respect for the people who manipulate the threads.

     --Alexander Solzhenitsyn, Cancer Ward, 1968.


Posted on May 30, 2006 at 10:55 AM • 15 Comments

Comments

EdwardMay 30, 2006 3:49 PM

Wow, more people should listen to that one and apply it. Not just in a security sense, but in a living your life sense.

geoff laneMay 30, 2006 4:21 PM

If there are no legal consequences I tend to make up information for questionaires that I find annoying.

For the situations where there are legal consequences I rely on the fact that hardly any government sponsored database projects have ever worked :-)

BartacusMay 30, 2006 9:03 PM

This reminds me of Bruce Sterling's short story 'Jim and Irene' --- you can find it in _Globalhead_.

ArchangelMay 30, 2006 10:57 PM

I am reminded of Orson Scott Card, and a character in the Homecoming Saga who could see and manipulate the bonds between people. Used for an illustration of how unpredictable the results of human interaction can be.

Nolan EakinsMay 30, 2006 11:35 PM

I would not be surprised to see that quote hanging in some guy's cubicle inside the black, shielded walls of the NSA.

"...and when the threads collasce into a pentagon tied to a hypercube then you know you have a terrorist. That is when you pull back on your line and ring him in."

SecureMay 31, 2006 6:06 AM

"If there are no legal consequences I tend to make up information for questionaires that I find annoying."

I believe that long-timed database poisoning is the attack vector of the future. Implant some invisible process in the background by a worm, virus, rootkit, an insider, or anything else. On any day, it choses a random database it has access to, choses a random table and a random column and exchanges the values of some randomly chosen entries.

Let it run undetected for some years, with all the errors sinking into the backups. Some of the errors will be detected and corrected, of course, but it isn't likely to raise any suspicion - all data was initially entered by humans and can contain errors of all kinds. It is just business as usual.

I'm only wondering if there are already such processes in action...

Matt PalmerMay 31, 2006 9:09 AM

@secure

What would be the motivation to make random changes in databases that take years to occur? What does the attacker gain by doing so?

There's no kudos (no one knows it's happening). There's no financial gain, unless the attack was targetted at particular databases. I'm not sure why anyone would bother.

I can see why individuals might want particular information about them to be different in different places, to prevent too much aggregation by third parties.

SecureMay 31, 2006 10:05 AM

@Matt

Do you know the story of the frog and the boiling water? Short-sightedness is one of the reasons of our problems. Think in long terms.

Sooner or later, any fact of any life will be collected in databases. Anything you bought, any movement you made, any money transfer, your complete life will be in some databases. The different databases will be merged and combined. It is an inevitable development.

The motivation? Imagine the chaos when it is discovered that the final big databases that the whole society is now based upon have irreversibly turned into useless crap.

But maybe it is just a terrorist movie plot...

Matt PalmerMay 31, 2006 11:00 AM

@secure: "The motivation? Imagine the chaos when it is discovered that the final big databases that the whole society is now based upon have irreversibly turned into useless crap. But maybe it is just a terrorist movie plot..."

Imagine if our essential squid-tracking databases were slowly corrupted, allowing the terrorists to harness the evil power of giant squids to cause additional squid-related terror ;)

Seriously though - I am actually working on long term digital archive systems, so I agree that short-sightedness is to be avoided! We have lots of tricks to protect the long term integrity of such data over decades and centuries, against malware, hackers and most insiders too.


another_bruceMay 31, 2006 12:36 PM

always pay cash. use fake names for supermarket cards. mix-n-match id's. insert fake initials in your name, particularly when initiating telephone service. never file a change of address with the post office. lie on questionnaires and surveys.
ultimately, you are responsible for protecting your privacy. government and business aren't going to do it for you.

mystikphishMay 31, 2006 1:02 PM

I don't even use a fake name for a supermarket card... Someone else has almost always already done the work for me. Just use (xxx)-555-1234 where xxx is the area code of your "phone number".

Most of the time it just works. On the one market chain in my area where it doesn't work, they always use the "store card" for me and then hand me an application which I throw away...

RvnPhnxJune 1, 2006 10:29 AM

@geoff lane
"If there are no legal consequences I tend to make up information for questionaires that I find annoying."

Yep, did that for my first on-line email account, just in time for some moron to "protect children" by trampling on the autonomy of everyone by requiring proof of age just to have an open and freestanding online email account--real damn bright.

Mr. MikeJune 1, 2006 11:04 AM

@Matt

Many companies and government agencies rely heavily on, in fact, live or die by their massive customer databases. Never under estimate the motivation of sabotage by competitors / foreign governments.

Abe-ALJune 1, 2006 11:55 PM

@another_bruce

How does one mix n match ids? Any other identity hiding techniques?

RogerJune 2, 2006 9:53 PM

@Secure:
Two small problems:
1. The slow boiled frog story is a myth. (See snopes for details.) In reality the frog notices the water getting hot and tries to jump out long before a fatal temperature is reached. As a cautionary parable, it's OK to warn people to watch out for creeping changes but in fact most people DO spot creeping chnages when they reach an uncomfortable level.

2. And closely related to that, the issue of database corruption through incorrect record entry is well known. The percentage of false records deliberately submitted is much smaller than the percentage of entry errors, and neither is enough to seriously worry large data aggregators. Nevertheless, there is an active industry already involved in cleaning up such bad records. They have very high success rate in flagging suspect records, and a lower but still surprising rate of actually correcting them completely. In particular, things like using a fake middle initial and swapping two digits of your phone number will be easily corrected. The reason so many databases continue to ave errors like that is that at the current incidence, most operators just don't care -- yet.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..