Schneier on Security
A blog covering security and security technology.
June 9, 2006
Privacy as Contextual Integrity
Interesting law review article by Helen Nissenbaum:
Posted on June 9, 2006 at 7:11 AM
• 45 Comments
This is really good, it puts a clear framework around why this type of surveillance is bad. It puts the lie finally to "we are just collecting public information..."
I'm not sure how clear it is. We still don't have zingers for "If you have nothing to hide, then what are you afraid of?" question. I'm afraid that "public surveillance violates a right to privacy because it violates contextual integrity" doesn't really cut it. I agree with Bruce that the question is wrong--but how do you dissolve the question?
The article is very good--but I think we have to translate it so that most people can understand the implications of the exposure of information in the inappropriate context. I like Bruce's argument that what is being done is not really about exposing information to George Bush--whom you may trust right now--it's about exposing information to a broader domain whose trust relationship is uncertain.
I think that we still need the plain words to explain to folks why privacy is important.
>> If you have nothing to hide, then what are you afraid of?
If I have nothing to hide, why do you want to watch?
I found the article to be very well written from a scholarly and generally neutral point of view. However, I must take point with the author on certain premises.
The article makes the point of “norms of appropriateness” with regards to what is essentially information sharing in a public environment. The example is given of two strangers meeting in the street with the result that an enquiry by one to the other regarding his business would be met with a response that would not contain any useful information. In this case literally “none of your business”.
Naturally it could be extrapolated from this that overt surveillance of the population by government agencies is necessarily therefore intrusive as a given member of the public would not volunteer information about themselves to said government.
The article seems to make the basic premise that a member of the public will not voluntarily give information about their intentions to a government agency. However, I believe that the vast majority of the public can be credited with sufficient intelligence to realise that surely this premise is not absolute but rather must be taken in context.
For the example given, i.e. overt surveillance by a government body, the context is what exactly the surveillance is designed to achieve. I submit that if the desired result is an increase in convictions of street robbers, or a decrease in terrorist acts, then most members of the public would agree that as they are in a public place anyway (and I happen to believe that the expectation to privacy is necessarily lower in obviously public areas) then the laudable objectives of being protected from having their life or property violently removed from them is a beneficial one that they would therefore, in general terms, support.
I also disagree with the author in certain respects on the subject of what might be termed appropriateness of dissemination. The example given is an individual who takes part in a gay pride public march in one city and has an expectation of privacy regarding her sexuality with respect to her colleagues and family members. In this specific case, should the individual concerned have knowingly taken part in a public activity that they were aware could be subject to publicity, I would submit that to then expect privacy in other contexts is not necessarily sensible. For example, should one of her work colleagues or one of her family members have seen her on TV taking part in the march, should she then expect them not to know of her sexual preferences? Clearly this is illogical. To be sure, in contextual dealings with other groups, i.e. work-related interactions with her colleagues, or personal interactions with her family members, her sexuality is completely and utterly a private matter that should have no bearing on the matters at hand. However, the article almost suggests that in this example, nobody should watch the march on TV in case they inadvertently see a colleague or family member about whose sexuality they were previously unaware.
It should also be pointed out that government agencies are and very much should be subject to stringent checks and balances when considering the necessity and impact of surveillance.
I am a student of Prof. Nissenbaum and have found "contextual integrity" to be a useful theoretical tool, especially when the traditional "public/private" dichotomy of information no longer is sufficient (see my link for examples). It helps us get beyond questions of whether a piece of information is public/private, and forces us to look at the contextual norms of the flow of said information.
Retort to "If you have nothing to hide..."? How about: "In a free society, I shouldn't require a 'need' to keep information from prying eyes; it should be the default."
"For example, should one of her work colleagues or one of her family members have seen her on TV taking part in the march, should she then expect them not to know of her sexual preferences?"
Yes. The participation in the gay pride march does NOT equate to a disclosure of my sexual preferences. Participation in the march says that I publicly support gays not that I am gay. It proves the paper's point that "appropriating information from one situation and inserting it in another can constitute a violation".
I think all expectations of privacy have to start with an overt act by the individual who desires it. You must hang drapes if you don't want people looking in the windows (as an example).
A government watching the citizens is just about its most basic function. If you are to govern someone, you must observe their actions to detect problems. If you lack resources to deal with every possible problem in real time, you may even use a witness (recording device today) to deal with the problem at a later time.
Is there a place you can go where a crime cannot be committed? Plenty of crimes take place in the home (i.e. murder) so the government is going to need to be able to peek into the home. So what do we do?
The current answer is to build a compromise between the ability of a criminal to commit a crime and the government being able to deal with it. Today we draw lines and say at this point the government may only use a witness to deal with the criminal after the crime, no peeking in real time.
This does tend to drive the government to increase the number of witnesses as the demand for a society with less crime grows. The demand for prevention also starts to break down the barriers to privacy.
At least that is the way I see it.
Reply to "If you have nothing to hide..."? How about: "You're not free if you don't have enough privacy"?
"I think all expectations of privacy have to start with an overt act by the individual who desires it. You must hang drapes if you don't want people looking in the windows (as an example)."
No. I don't want to justify the question of "Why do you want to hang your drapes up if you have nothing to hide?" This question then leads to an inventory of who has their drapes on (and, possibly, when) and could be made to justify further intrusion.
I want privacy to be a necessary expectation--not something I have to justify.
The best way I've found to demonstrate the risk involved with not having contextual integrity on film is to force someone to watch a Michael Moore documentary.
I disagree with the idea that every crime should be prosecutable. If no one reported a crime, is society really being served by punishing the criminal? I believe the only way our system of complex and incomprehensible laws can work is that if they're selectively enforced. Imagine if you were fined every time your speed went above the speed limit or you didn't stop long enough at a stop sign. Everyone would be much poorer, but no safer.
The government has no duty to do anything about any crime. The police do not have to protect you, nor do the courts have to prosecute those who have committed crimes against you. Since they do not have a duty to do anything about any crimes, they don't have a justification to monitor. They want to monitor and use crime as a convenient boogeyman. If you agree to have cameras installed in your home, that increases your chances of being prosecuted for a crime you commit at home, but doesn't create any additional obligation on their part to protect you or investigate crimes committed against you in full view of the cameras.
Recording the commission of a crime for later prosecution seems to conflict with the concept of a statute of limitations. The system has a built in concept that if you are not caught for a crime within a specified period of time, you get away with it. There are crimes, like murder, where you're on the hook until you die. However, I suspect that the majority of crimes that would be prosecuted after the fact without a victim complaint are things like a US citizen sending crypto out of the country. When a crime is committed, that would just be logged for later use. Everyone commits some criminal act at some point. The vast majority are not serious enough to warrant prosecution. Though, it would be convenient if it were even easier to figure out who voted against you and prosecute them for some borderline felony so they can't vote again.
While I agree with some of your ideas, Joe is still right. We really do need a zinger for responding to the question, and your explanation, while logical and possibly correct, does nothing to show potentially illogical or irrational populations the error of their ways.
Gee, I sound elitist here, but I guess I feel like I'm right that privacy is important, and feel a duty to educate the rest of society why that is so. But these long, rational explanations just don't seem to work!
So, down with rationality, up with the zingers!?
That's a potentially good zinger their, but too inviting of response. We need one that admits no response.
their, there, you know...
> If you have nothing to hide, then what are you afraid of?
I'm not afraid of what I'm doing, but rather I'm afraid that people will fill in the blanks of what they don't see on tape and I'll be criminalized for nothing.
Up with rational zingers.
@ Mr. Pond
So why not take it one step further, and run facial recognition software on the marchers and post their names on a web site?
Sure, somebody might recognize somebody else marching, but that's a little different from being able to discover that information with a google search a month later. I can't say I know where the line is myself, but somewhere there is absolute privacy, and on the other end of the line is absolute lack thereof. Do you really want to have every step you take through a public place recorded, catalogued, and published to people you may not want knowing about it?
Consider an eighteen year old going to the pharmacy and buying a condom while living with his / her parents. I believe that just because his / her parents are on the police force shouldn't give them carte blanche to know that information. Some people claim the inside of a store is a public location, and some claim it is private, and there are even differing judicial opinions on that particular matter.
The point is, even in public places I can expect some measure of anonymity. If that evaporates, then people who I don't want knowing about me are given the tools to do so at no direct cost to themselves.
As far as preventing crime? Cops don't prevent crime. They can't. You can't catch a criminal before they've committed a crime - otherwise no crime has been committed and that person is not a criminal! The only way to prevent crime in this fashion is to pick people up for thinking about committing a crime. We could term such a thing as "thoughtcrime". And alas for anyone who has ever wondered how hard it would be, really, to rob the corner bank... /even/ if you have no intention of doing so. Personally, I think it's a good thing that police can't read minds.
If cops can't prevent crime, how do I keep myself secure? That's why I've got my License to Carry. "Security" cameras don't make me feel secure - how many people have seen "security" camera footage of violent crimes? Sure, the camera might allow the police to arrest the guy that attacked me or my wife or son, but that doesn't stop the funeral from happening. Put the cameras up if you must, but I don't see how they make anybody "secure".
Me, I'll keep my 9mm for that.
People who accept the argument that cameras deter crime forget that criminals are mostly not rational people to begin with, otherwise they wouldn't be criminals. Even with cameras, they DO feel they can get away with crimes, or they just don't care. Some guy whacked on smack won't care if there's a camera around to record his misdeeds. You can't apply your own rational thought processes to irrational people.
Which is exactly why the military standard (for Don't Ask, Don't Tell) requires an overt repeating act or statement. Possession of homosexual material, presence in a homosexual location (i.e. gay bar) or march, even a one time probably not to be repeated encounter does not meet the threshold for violation of the policy.
Information taken out of context is dangerous. What if the best steaks in town happen to be in an openly gay bar? Does that make all steak lovers gay? I think not. Unfortunately not everyone sees the distinction.
"If you have nothing to hide, then what are you afraid of?" is a toughie because it sounds reasonable on the surface. The problem is that since we don't accept it as reasonable, it's hard for something similar to not seem like a caricature.
If you're not a communist, why don't you put your voting record on your resume?
If you're not a rapist, why don't you provide your fingerprints and DNA to everyone who wants them?
If you're not a terrorist, why don't you wear a patch indicating your religion on your clothing?
Can I have your social security number, mother's maiden name, name, address, bank account numbers and a sample of your signature? The police aren't the only ones who investigate crimes, you know?
We need to push the button. Global thermonuclear war is the only way to prevent child molesters from raping and murdering your children.
Of course, the core problem is that most things in life can't be summed up in a 10 second sound bite, no matter how many times the news tells us otherwise.
At the same time, the elite class -- federal employees -- are enjoying more rights, and guaranteed benefits, than the rest of us used to have.
Right, the 10 second sound bite does NOT sum up everything. Unfortunately, history shows us that popular opinion is severely influenced by the pithy phrase. So, let's get our heads together and think of the right sound bite.
Btw, I really like your list of analogous phrases.
Of course, here we all recognize the fallacy in the "If you have nothing to hide..." question. We all have something to hide, even if it's as innocuous as what hand we wash with in the shower.
Outside of this sort of forum, the fallacy isn't recognized.
Maybe I /should/ go FBI. Maybe the only smart thing to do now is join-em, lest they beat you.
@Joe and others ...
Q: "If you have nothing to hide, then what are you afraid of?"
A: Let's start by making public restrooms coed and taking out all the stalls. You send your kids in first!
I think the context of the argument is completely wrong. I had a discussion with some friends a few weeks back regarding records that can be compelled in a court case.
I have the right (in the US) not to testify against myself. How far should this extend? Can I refuse to hand over a diary? How about business records? Files on my computer? Encryption keys / passwords to access files on my computer?
We have established where the lines are (from a legal point of view) in these circumstances, but what about when the distinctions start to blur? What happens when I have a neural link to my computer and it becomes an extension of my mind? Can you compel me to turn over my computer records then? Are they "external" or are they a part of me and I would thus be "testifying against myself?"
From a surveillance point of view, consider how you feel about the following. Is it okay for someone to observe me, outside my home (e.g. in my front yard), from public property (sitting in a car parked on the street)? Is it okay to observe me in my home with the curtains open? Is it okay to take pictures in these circumstances? Is it okay to take pictures with a low-light or night-vision camera? How about thermal imaging? How about with a camera that can see through walls as if they were glass?
Some would (and have) argued that I must close my curtains if I want privacy. So do I have to buy lead-lined curtains because the observer might have an x-ray device to see through them? Do I have to put up heat shielding to prevent thermal imaging? Do I have to live in a Faraday cage to prevent electronic spying?
How far do I have to go to exercise MY right to privacy? More correctly, how far do I have to go to prevent others from violating my right to privacy? That's where the problem is ... we've turned the question around and put the burden for privacy on the victim instead of the perpetrator. I liken this to saying to a woman "well, if you didn't want to be raped, you should have worn a chastity belt." That's just backwards. I have a right not to be raped (not to be observed) that I should not have to "enforce" with ever increasing levels of effort.
Actually, I recall a ruling that said using thermal imagery to take thermal pictures of a suspected pot growing operation inside a house without a warrant violated constitutional search rules.
"So why not take it one step further, and run facial recognition software on the marchers and post their names on a web site?"
Because that would not only be totally unnecessary, but for a government body to do so would require:
1) A very good reason, for example specific intelligence that certain individuals are planning to start a riot.
2) The necessary authority. This would include steps taken by said government body to minimise collateral intrusion created by whatever form of surveillance is employed.
I think the focus of debate here has drifted somewhat. I don't believe that most rational people would disagree with the necessity of surveillance in certain circumstances, with the relevant checks & balances.
However, what most of us (including the author of the original article) are objecting to is the uncontrolled dissemination of what might loosely be termed surveillance, by non-governmental bodies.
While I totally support the concept of surveillance where necessary for the protection of the public or for the prevention or solution of crime, I personally believe that un-authorised dissemination of personal details by bodies corporate is a worrying trend that can and should be curbed ASAP, by legislation if necessary.
Whilst I agree that merely taking part in a gay pride march (and please note that I am merely making use of the example given in the original article – I am not in any way shape or form homophobic and utterly deplore such attitudes) should not imply that participants are themselves homosexual, you appear to be discounting the possibility that the family member or work colleague could theoretically assume this from one’s participation, i.e. make a genuine and non-malicious mistake.
The phrase "appropriating information from one situation and inserting it in another can constitute a violation" does not appear to take in to account the ‘genuine misunderstanding’. I believe that the latter should seldom constitute a legal violation.
“I disagree with the idea that every crime should be prosecutable. If no one reported a crime, is society really being served by punishing the criminal? I believe the only way our system of complex and incomprehensible laws can work is that if they're selectively enforced. Imagine if you were fined every time your speed went above the speed limit or you didn't stop long enough at a stop sign. Everyone would be much poorer, but no safer”
I must disagree fundamentally with you on this point. The whole concept of a crime is an action that society as a whole believes to be outside of acceptable behaviour. Taken to its logical conclusion your argument here seems to suggest that no crimes should be punished. I believe that there can and should be no middle ground – either crimes are punishable or they are not crimes at all.
“The government has no duty to do anything about any crime. The police do not have to protect you, nor do the courts have to prosecute those who have committed crimes against you. Since they do not have a duty to do anything about any crimes, they don't have a justification to monitor.”
This is simply not true. The Police absolutely have a duty to investigate crimes reported to them and to bring criminals to justice. They swear a legal oath to do exactly that. Nor do they have the luxury of “ignoring” any crime whatsoever. Taken to its logical conclusion this argument would seem to suggest that the police and courts are therefore fundamentally pointless. The reality here is that the most fundamental, basic duty and purpose of the Police and courts are to protect the public whom they serve, and to bring offenders to justice.
“Recording the commission of a crime for later prosecution seems to conflict with the concept of a statute of limitations. The system has a built in concept that if you are not caught for a crime within a specified period of time, you get away with it. There are crimes, like murder, where you're on the hook until you die. However, I suspect that the majority of crimes that would be prosecuted after the fact without a victim complaint are things like a US citizen sending crypto out of the country. When a crime is committed, that would just be logged for later use.”
The recording of a crime is in the vast majority of cases carried out by the victim. Certain crimes due to their particularly vile nature (such as rape) can and are reported by third parties. By accepting the report of a crime the police are therefore implying that it will be investigated to the fullest possible extent and any identified offenders will and must therefore be brought before a court of justice. This is the entire, fundamental point of the criminal justice system!
I can’t speak for the American legal system, but here in the UK the majority of crimes with no identifiable victim cannot by their very nature be investigated. There are a few exceptions - where the victim is considered to be society as a whole, or is considered to be the national interest etc. These crimes are usually very serious in nature, serious enough to demand investigation in their own right.
The concept of recording crime purely and solely for some sort of vindictive prosecution process is nonsensical and is alien to the aims & aspirations of the Criminal Justice system – the whole point of recording crime is to identify the perpetrator and bring them before a court to face justice and possible punishment, i.e. for the victim and society as a whole to see that where the accepted norms of behaviour are broken there are consequences for those who break the rules.
“Everyone commits some criminal act at some point. The vast majority are not serious enough to warrant prosecution. Though, it would be convenient if it were even easier to figure out who voted against you and prosecute them for some borderline felony so they can't vote again.”
Who then decides what is serious enough to justify prosecution? The answer is of course the victim – they are totally free not to report a crime committed against them should they wish not to do so. As ever there are exceptions – some crimes are noted as having taken place but a decision is made that to continue with a prosecution is not in the public interest. Furthermore, if a suspect for a crime is arrested and a decision is taken not to prosecute as it would not be in the public interest to do so, then that suspect cannot be arrested for the same crime at any time in the future unless new evidence is revealed. Lastly, malicious allegations made against other individuals are subject to the criminal offences of “wasting police time” and potentially “perverting the course of justice” which is a particularly grave offence.
The answer to "If you have nothing to hide, what are you afraid of?" is "The government, next year." It's not that we need a pithy saying summarizing why loss of privacy is bad. What we need is a pithy phrase reminding people of why loss of privacy is bad. Did "54-40 or fight" make a compelling case? What about "Tippecanoe and Tyler, too?" These are shorthands, meaningful only within a shared context. You make a more detailed argument in some public forum, disseminate it as widely as possible, and come up with a catchy phrase that will remind people of your argument without trying to make the argument in ten words or less.
I think that various versions of table-turning are probably the best way to deal with the "nothing to hide" canard. Anything from "OK, I'll be coming by later to install a webcam in your bedroom and bathroom" to "I think you're right. So please pull down your pants and bend over so I can do a cavity search."
If nothing else, such a response will often expose the degree to which many people implicitly think of themselves as the watchers rather than the watched.
@ Mr. Pond
Actually, I'm concerned with all surveillance, especially considering how the governments can simply subpoena corporate bodies of knowledge, or occasionally "ask" for informal access to data that, arguably, shouldn't exist in the first place. Because of that problem, I see no line between "corporate" bodies of knowledge and "governmental" bodies of knowledge when used by the government.
Also, consider that corporate bodies can feel free to volunteer information to the government, and in many cases vice-versa (contracting out work, for example), and the distinction becomes quite blurred.
Finally, the concept that legislation prevents crimes (such as legislation preventing dissemination of personal data) is untenable. If the legislation prevented the crime, there would be no such thing as criminal behavior (in the existential sense). Legislation does not prevent crimes, it merely creates new ones, which must then be reported to police agencies in order to be prosecuted, which is no sure thing either.
Regarding surveillance (data collection of any sort regarding a person's activities), I think it's better to prevent the surveillance in the first place than to attempt to respond to it with legislation preventing dissemination of data. No body, corporate, government, or individual, can misuse data that simply doesn't exist.
My response to the "If you have nothing to hide, then what are you afraid of?" statement:
"OK, let's wire up your house, office, and everything in between like JenniCam, and make the cameras viewable via a web site that anyone with Internet access can get to. Same with your spouse, kids, parents and in fact every living relative. What's the matter: If you have nothing to hide, then what are you afraid of?"
This one almost always gets them to reconsider.
I like it. "What am I afraid of? That some closet pedophile will get a job watching the cameras at my kid's school." Why not use public hysteria for good for a change?
@Mr Pond, @ Mike
The police do ignore many crimes on a daily basis--many officers watch traffic laws flouted on a daily basis without taking any action. Even when they do catch the offender, it is very possible that the person will avoid any penalty for their crime--other than the loss of time to attend a court date that the officer may miss.
This is true even in more serious crimes, such as theft; if the amount stolen does not reach a certain threshold, the police may attempt to arrest the individual, but the district attorney may choose not to prosecute because they have more important, "sexier" crimes such as armed robbery or corruption to prosecute with their limited resources. So even if the victim chooses to report a crime, there may be no action taken--I can think of rape victims who finally get the nerve to report their attack but who are turned down by police & prosecutors who say that there is not enough evidence.
Finally, crimes can be "recorded" but never actually occur. I was a victim of that, where I paid automated tolls but where the machine did not record the payment. Since my plate was recorded I received a summons for unpaid tolls, along with a fine for each one, and the only reason that some were waived is that the hearing officer saw my window open on some of the camera angles; recording also does not prove that I paid, as if my window was open, and I faked throwing coins, I would have gotten out of the fines anyway.
Imagine a video from a baseball game of someone walking past the camera, followed by someone else carrying a bat; the first person is later found unconscious with a head wound--does that prove that the second person used the bat against them? If they did, a well-paid defense attorney could argue that the video is prejudicial because it doesn't actually show the beating; if they didn't, police and the jury may assume the wrong thing.
"If you have nothing to hide, then what are you afraid of?"
"If you have no reason to pry, then why are you watching?"
"If you have nothing to hide, then what are you afraid of?"
"If you have no reason to pry, then why are you watching?"
The problem with this response is that 'they' believe they *do* have a reason to pry. Crime demonstrably exists, terrorism demonstrably exists, and prying *might* (read: *will* if you belong in marketing) reduce either or both. What more reason do you need?
I'll let you watch me if you let me watch you.
"Actually, I'm concerned with all surveillance, especially considering how the governments can simply subpoena corporate bodies of knowledge, or occasionally "ask" for informal access to data that, arguably, shouldn't exist in the first place. Because of that problem, I see no line between "corporate" bodies of knowledge and "governmental" bodies of knowledge when used by the government."
I completely agree with you on this point. Hence, perhaps there should exist more careful and more specified lines of delineation between what is held by "government bodies" and what is held by bodies corporate. For the government agency to obtain any information from a body corporate should at the very least be subject to a fully scrutinised warrant application.
"Also, consider that corporate bodies can feel free to volunteer information to the government, and in many cases vice-versa (contracting out work, for example), and the distinction becomes quite blurred."
Agreed. This blurring of the distinction is a worrying trend - one that should be stopped. I believe that there should be a very clear distinction between information held by a government agency for a specific legal purpose, and general information held by a body corporate for a business purpose. To be sure there is an element of crossover between the two, but there ought to be (are?) legal methods for ensuring that an individual's right to privacy is maintained as far as is possible.
@ Fraud Guy:
"Imagine a video from a baseball game of someone walking past the camera, followed by someone else carrying a bat; the first person is later found unconscious with a head wound--does that prove that the second person used the bat against them? If they did, a well-paid defense attorney could argue that the video is prejudicial because it doesn't actually show the beating; if they didn't, police and the jury may assume the wrong thing."
While this does not *prove* the guilt of the person with the bat, it might be considered as *suggesting* guilt. This combined with the bat-holder's fingerprints and/or DNA on the grip of the bat, coupled with DNA from the victim on the top of the bat, could provide a jury with a convincing argument of guilt. This then should be up to the judge to determine whether that CCTV footage should be admissible as evidence.
Which brings me on to a good point - many people do not seem to realise that the police and the judiciary are totally separate bodies. Obviously this is a very necessary and important distinction, but often blame for a not-guilty verdict or a perceived lenient sentence will be laid at the feet of the police, where in actual fact the decision lies with judge & jury. Trial by one's peers has been enshrined in law since the Magna Carta was signed...
You've agreed with many of my points, but there is still a fundamental disagreement between us. I assert that legislation does not have the intended effect of preventing illegal activity, including illegal data sharing. Most interpretations of the NSA's alleged actions of obtaining calling records cite those actions as unconstitutional already. What good is more legislation going to do to prevent that sort of behavior?
That is one of the cases where it is simply better that the data not exist. Legislation cannot protect you from illegal activity, and illegal activity can be just as damaging (or more so) than legal activity.
For a more down-to-Earth example: Fraud is already illegal. Yet, personal information disclosures / theft still occur, and people use that information to make purchases illegally. How has legislation prevented identity theft?
Do not assume that because -you- wouldn't break the law that somebody else doesn't add the same facts up to a different conclusion. Some people, both in government and out, simply don't care about legislation. Making an activity illegal does not prevent the activity.
I could list many examples: drugs, theft, murder, fraud, environmental violations, motor vehicle violations, etc....
We've legislation up the yang for every imaginable activity. Does it prevent crime? I don't think that people don't murder because it's a law; they don't murder because it's something they find distasteful. People don't not steal because it's the law; they don't steal because they agree with the moral behind the law that says you shouldn't steal. Those people that don't agree with the law simply don't follow it, and the result is called "crime".
I would agree with you that simply having legislation does not intrinsically prevent the vast majority of crime. What it does do is enable those who perpetrate such crimes to be punished for their commission.
In the case of illegal data sharing, I agree that the best prevention would be for the data not to exist. However, some of this data is probably incredibly useful not only for protecting people but also for benign business purposes.
I believe that the best balance between the two opposing situations may be that governmentally and corporately held data sets should be maintained totally separately. Any systems for transferring data between the two sets should then be very, very closely monitored, by independent bodies if needs be. This would, ideally, enable data useful for investigation or prevention of crime whilst safeguarding as far as is reasonable personal privacy.
I do think there needs to be some sort of middle ground.
"I would agree with you that simply having legislation does not intrinsically prevent the vast majority of crime. "
"What it does do is enable those who perpetrate such crimes to be punished for their commission."
Punishment for a crime is all well and good, but there are plenty of circumstances where the law just simply doesn't matter. Once a victim has been created, it is nearly impossible to "undo" victimhood. Therefore, in order to prevent the creation of victims, the crime must be prevented through a scheme that doesn't rely on post-event punishment.
Also, there are situations where the government itself may be the entity acting with criminal intent, and is therefore suffering from a conflict of interest regarding prosecuting a violation of the law.
"Any systems for transferring data between the two sets should then be very, very closely monitored, by independent bodies if needs be. "
This is a good idea, but unfortunately impractical. What authority would such a body have? If the government grants the authority, the same conflict of interest is created as above. If the government chooses not to recognize said authority, what is the fallback position?
Also, what if the government simply circumvents that body? For example, today, by law, to conduct wiretapping operations inside the United States, a warrant must be obtained. We even have a special court system, FISA, for quickly acquiring the necessary warrants for national security reasons. Yet, it appears the Federal Government has circumvented FISA for reasons not made public.
The fundamental thing I'm trying to communicate is that the government can choose to be above the law in many respects - at least until the next election. The House of Representatives suffers least, due to the two-year term and vastly diluted powers (435 members in the House, right?), the Senate second-least, due to the six-year term in combination with again limited actual power (100 members), and the Executive branch the most, due to the 4-year term of the President and vast powers of appointment and concentration of that power within one individual, though appointments must be approved by the Senate.
Four years is a significant period of time with which to damage the credibility of the federal government and security of its constituency.
Now, I don't think that Executive Powers should be curtailed too much, but maybe, just maybe, it would be a good idea not to keep too much data around just in case our Executives have a fit of "we're breaking the law to protect you".
"I believe that the best balance between the two opposing situations may be that governmentally and corporately held data sets should be maintained totally separately. "
I agree with this 100%. I think it needs to be made crystal clear under what circumstances an individual or corporation is privileged or required to divulge any information. Right now, the law is not so clear, if the NSA can successfully threaten US corporations into giving up their data. If the law WAS 100% clear, those corporations could have responded with "No" and not had to worry about repercussions for obeying the law. I believe that the court system should decide these matters of balance between legislative intent and executive action, as the Constitution guarantees in the first place.
Perhaps then the answer may be that well written, well thought out laws regarding disclosure between bodies corporate and government should be created / updated / maintained, whichever is applicable, but that some sort of system needs to be put in place to make sure that said government remains within the law.
Perhaps this safeguard, whatever form it may take, needs to be strengthened, otherwise exactly as you describe the government may always 'break the law to protect'.
I suppose this would be a whole different version of Pandora's box, but in this situation, the law ought to be the law, unbreakable by anyone, even those who state that they have the public's best interest at heart.
Good discussion BTW.
Forgot to add: I agree with your last paragraph. The courts as an independent judiciary ought to be the final and ultimate arbiters of what can and can not be done, by government or corporations.
>> We still don't have zingers for "If you have nothing to hide, then what are you afraid of?" question.
As has been pointed out in this thread, I have plenty to hide.
On a professional level, I deal with stuff that's classified as trade secret and commercial-in-confidence every day. On a personal level, there's a lot of information that's just none of your damn business. I give out my credit card number to a 16 year old at the local supermarket several times a week, who is probably less trustworthy than most people here, but I'm sure as hell not saying what it is in public.
I think it was Bruce who famously asked the question: Why do we use envelopes? After all, if you sent all your correspondence on postcards, the postage would be cheaper.
You said, "the law ought to be the law". Well, yeah, of course. But the challenge is in making that so. It's hard enough to keep the government bridled by the law with ordinary crime (for example, my father-in-law's brother was killed by a local pol's son in a DWI, and there was no real attempt to make things right) that leaves ordinary physical evidence, never mind data-mining crimes that do not.
I can't imagine a system that allows for controlled access of data that provides clear evidence when wrong-doing occurs. If such a system were possible, then allowing for the existence of personal information databases might be more acceptable. But I don't believe such a system is possible. I challenge you to describe how such a system would operate.
"Good discussion BTW."
Yeah, thanks for the discourse!
"I can't imagine a system that allows for controlled access of data that provides clear evidence when wrong-doing occurs. If such a system were possible, then allowing for the existence of personal information databases might be more acceptable. But I don't believe such a system is possible. I challenge you to describe how such a system would operate."
I suppose a simplistic answer to this would be for the system to feature a comprehensive, uncorruptible audit trail of who, when & why an individual accessed or searched any data. Simplistic because this then requires trustworthy administrators to alert the powers that be of any wrongdoing.
I suppose the above is in danger of degenerating in to the old "who watches the watchers" question. Ultimately, I can't think of an answer other than at some level there has to be a group of individuals in which a certain level of trust is implicitly placed.
Further than that, I can't really see an answer that would be satisfactory to both the security / law enforcement community *and* the pro-privacy community. I suppose there's no reason why one can't be a member of both, but that's a wholly different discussion...
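The audit trail suggested in the comment above, sketched as a hash-chained access log. This is an added example, not part of the original comments; the field names, the sample entries and the idea of an outside witness holding the latest head hash are assumptions made here. A chain like this gives tamper evidence rather than incorruptibility.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" used for the first entry


def entry_hash(prev_hash, record):
    # Canonical JSON so the same record always hashes to the same value.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, who, when, why, query):
    """Record one data access; return the new head hash for the witness."""
    prev = log[-1]["hash"] if log else GENESIS
    record = {"who": who, "when": when, "why": why, "query": query}
    log.append({"record": record, "prev": prev,
                "hash": entry_hash(prev, record)})
    return log[-1]["hash"]


def verify(log, witnessed_head=None):
    """Recompute the chain; optionally compare with an externally held head."""
    prev = GENESIS
    for i, entry in enumerate(log):
        expected = entry_hash(prev, entry["record"])
        if entry["prev"] != prev or entry["hash"] != expected:
            return False, f"entry {i} altered or out of order"
        prev = entry["hash"]
    if witnessed_head is not None and prev != witnessed_head:
        return False, "log head does not match witnessed head"
    return True, "ok"


def build_sample_log():
    # Constructed sample entries, not real data.
    log = []
    append(log, "analyst_a", "2006-06-09T10:00:00Z",
           "warrant EXAMPLE-1", "subscriber lookup 1")
    append(log, "analyst_b", "2006-06-09T10:05:00Z",
           "no reason given", "subscriber lookup 2")
    head = append(log, "analyst_a", "2006-06-09T10:09:00Z",
                  "warrant EXAMPLE-2", "subscriber lookup 3")
    return log, head
```

A log rewritten from start to finish still verifies on its own; only comparison with a head hash held outside the administrators' control exposes it, which is the "who watches the watchers" dependency the comment ends on.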
>> If you have nothing to hide...
While you may be a voyeur, that does not mean I am an exhibitionist.
There was an above statement that was made about the government watching to see who voted against you so you could prosecute them on felony charges so they can't vote again, they don't care whether you vote for them or not, the winner of an election in the executive branch is predetermined anyhow. Your vote don't matter and neither does your voice, what do you all think about that?