Schneier on Security
A blog covering security and security technology.
« BNP Database Leaked |
| Here Comes Everybody Review »
November 24, 2008
The Future of Ephemeral Conversation
When he becomes president, Barack Obama will have to give up his BlackBerry. Aides are concerned that his unofficial conversations would become part of the presidential record, subject to subpoena and eventually made public as part of the country's historical record.
This reality of the information age might be particularly stark for the president, but it's no less true for all of us. Conversation used to be ephemeral. Whether face-to-face or by phone, we could be reasonably sure that what we said disappeared as soon as we said it. Organized crime bosses worried about phone taps and room bugs, but that was the exception. Privacy was just assumed.
This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations -- with friends, lovers, colleagues, members of our cabinet -- are not ephemeral; they leave their own electronic trails.
We know this intellectually, but we haven't truly internalized it. We type on, engrossed in conversation, forgetting we're being recorded and those recordings might come back to haunt us later.
Oliver North learned this, way back in 1987, when messages he thought he had deleted were saved by the White House PROFS system, and then subpoenaed in the Iran-Contra affair. Bill Gates learned this in 1998 when his conversational e-mails were provided to opposing counsel as part of the antitrust litigation discovery process. Mark Foley learned this in 2006 when his instant messages were saved and made public by the underage men he talked to. Paris Hilton learned this in 2005 when her cell phone account was hacked, and Sarah Palin learned it earlier this year when her Yahoo e-mail account was hacked. Someone in George W. Bush's administration learned this, and millions of e-mails went mysteriously and conveniently missing.
Ephemeral conversation is dying.
Cardinal Richelieu famously said, :If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." When all our ephemeral conversations can be saved for later examination, different rules have to apply. Conversation is not the same thing as correspondence. Words uttered in haste over morning coffee, whether spoken in a coffee shop or thumbed on a Blackberry, are not official pronouncements. Discussions in a meeting, whether held in a boardroom or a chat room, are not the same as answers at a press conference. And privacy isn't just about having something to hide; it has enormous value to democracy, liberty, and our basic humanity.
We can't turn back technology; electronic communications are here to stay and even our voice conversations are threatened. But as technology makes our conversations less ephemeral, we need laws to step in and safeguard ephemeral conversation. We need a comprehensive data privacy law, protecting our data and communications regardless of where it is stored or how it is processed. We need laws forcing companies to keep it private and delete it as soon as it is no longer needed. Laws requiring ISPs to store e-mails and other personal communications are exactly what we don't need.
Rules pertaining to government need to be different, because of the power differential. Subjecting the president's communications to eventual public review increases liberty because it reduces the government's power with respect to the people. Subjecting our communications to government review decreases liberty because it reduces our power with respect to the government. The president, as well as other members of government, need some ability to converse ephemerally -- just as they're allowed to have unrecorded meetings and phone calls -- but more of their actions need to be subject to public scrutiny.
But laws can only go so far. Law or no law, when something is made public it's too late. And many of us like having complete records of all our e-mail at our fingertips; it's like our offline brains.
In the end, this is cultural.
The Internet is the greatest generation gap since rock and roll. We're now witnessing one aspect of that generation gap: the younger generation chats digitally, and the older generation treats those chats as written correspondence. Until our CEOs blog, our Congressmen Twitter, and our world leaders send each other LOLcats – until we have a Presidential election where both candidates have a complete history on social networking sites from before they were teenagers– we aren't fully an information age society.
When everyone leaves a public digital trail of their personal thoughts since birth, no one will think twice about it being there. Obama might be on the younger side of the generation gap, but the rules he's operating under were written by the older side. It will take another generation before society's tolerance for digital ephemera changes.
This essay previously appeared on The Wall Street Journal website (not the print newspaper), and is an update of something I wrote previously.
Posted on November 24, 2008 at 2:06 PM
• 53 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I will add one more line, then I am completely happy.
"Ephemeral conversation is a basic principle of human culture and civilization. A lacking existence of the first implies a lacking existence of the latter. Protecting ephemeral conversation by law and developing a basic human right to ephemeral conversation is therefore essential to conserve human dignity."
Bruce, ever thought about going into sociology? ;-)
The new president elect may change this by just keeping access to information and data and being damn careful with communications.
It wouldn't be so bad if everyone recognized that banter on FaceBook, your blackberry, or otherwise, was essentially private. But when they deliberately invade your communications for the soul purpose of finding those 6 "written" lines of information for the purpose of "hanging" you (compromising your position), then it has gone too far.
Stop the network. I want to get off.
Imagine Ahmedinajad sending Bush a picture of a cute little fluffy kitten, saying "I CAN HAS N00KZ?" Or Hu Jintao sending one saying "i'm in ur tek industry, reading ur s3kr1tz!" Or . . . .
I haven't and won't write anything in an email I wouldn't be ok with being made public. Obviously I'd prefer not to have my private conversations made public but I think it's a good habit to assume that anything you write in an email may end up that way.
I had a bit of a shock reading about the employment forms for the Obama administration. I realized that I could never even apply, because I couldn't produce a list of all the aliases I've posted under, at least not one that I would swear to under threat of perjury. I got my first email account in 1982. I ran a dialup bulletin board. A friend was cyberstalked, and that got me to be very wary of traceable online identities. My Second Life handle is different from my Ravelry username, is different from this one that I use on blogs. And I drop them as I lose interest in that portion of the net. And I don't have a list.
You essentially touch upon a long-standing struggle between opposing cultural norms, such as nomadic versus pastoral.
For example, nomads can shift away from some risk (e.g. drought) and use ephemeral accounting, whereas pastoral groups are more able to defend assets against other risks (e.g. theft).
I have written about this in the context of the Horn of Africa (http://davi.poetry.org/blog/?p=277), but you can find it in many places and many times throughout history.
It seems to me the balance and tension are natural; they should never lead to a "when everyone" period since complete homogeneity could be less innovative and less secure.
The way things are today, I wouldn't keep a blackberry if I were him. Political opponents will get you any way they can, even if it means twisting around a private conversation and asking you under oath about it. Then, off handed comments you cannot even remember come back to nail you.
It's not just p2p conversations we need to worry about.
How about our Internet searches what if you google "black hole" are you looking for information on celestial or earthly bodies?
When you click on a link to a web site do you know what files are coing to be downloaded and what they are called. For instance it would be easily possible for someone to have an otherwise legal site but name pictures as "bare-lolita" etc.
Considerably post the events how do you explain you are either inocent or unaware?
And what about proving you are inocent? Afterall the current legislation alows for link information not content to be saved. So the file name is saved but not it's contents...
As far as I can see currently there are only two ways for an individual to deal with this ,
1, never use electronic communications.
2, Record absolutly every thing you do and keep it indefinatly.
In this modern world the first alone is suscpicious in of it's self, and the second is effectivly impractical for everybody to do...
The second of course is tantermount to "leaving amunition for the enemy" as even if the information you record is 100% honest those you communicate with may not be so and you are therefor "guilty by association" and your oponents will get access to everything irespective of if it is "legaly privaledged" or not.
So damed if you don't and damed if you do.
Legislation is most certainly needed but it needs to be drafted by those not involved in any way shape or form with Government, or National Security, otherwise there will be exceptions and imbalance.
A good start would be a proper "right to privacy" with independant oversigt and mandatory punishments for all. The problem with this of course is that it would be seen as a "criminals charter" with more than a little plausability.
As was once remarked (by one of Issac Azimov's charecters),
"Welcome to the goldfish bowl"
And yes I suspect these words will one day come back to haunt me, but I live in hope that they won't...
One other consideration: Within the Federal Executive Branch, there are several entrenched constituencies that push relentlessly for greater and less-fettered government power of surveillance. Both the law-enforcement types and the intelligence/security types keep taking bureaucratic whacks at the privacy pinata, by introducing newer, higher-tech surveillance, and by pushing novel and less restrictive interpretations of their legal obligations.
This is no more than one expects of them, and perhaps is as should be. However, the trouble is that there is no countervailing bureaucratic pressure to provide balance. So as it turns out, it is the President's job to balance civil liberties against security requirements, in deciding how much of this securocratic agenda to go along with and what should be tossed out.
This is a single-point failure mode, and as the past eight years have taught us, it's not that unlikely a failure. When the President is wholly unconcerned about privacy rights (and possibly doesn't even understand them), and the securocrats can wield the "Terrorism" cudgel to cow any opposition, the encroachment against privacy and personal liberty can be considerable.
We shouldn't have to depend entirely on having a sensible person in the White House to protect our civil liberties. There ought to be an institutional, bureaucratic counterweight to the securocrats, to ensure that at least there is formal consideration given to concerns about privacy and liberty. What I have in mind is some sort of Chief Privacy Officer, a White House official created by an act of Congress, subject to Congressional confirmation, with a budget and a staff, and a mandate to review all law-enforcement and intelligence/security programs for privacy encroachments and violations of civil liberties. Reporting to the President, but accountable to Congress, such an official could be the beginning of a firebreak to try to limit the runaway of our incipient high-surveillance society.
It's possible that this sort of office could be structured in some other way as well -- I'm no expert at bureaucratic design. I'm pretty sure we need something like this, though. The existing pressures are driving the Feds to want to know and see everything about everyone. That won't change. We need put some serious boundaries on what they can know and see.
It's worse than that. Suppose you did record everything and keep it indefinitely. Then someone comes up with their own record of your activity which includes many things not on your list. How do you prove they made it up? You cannot.
Remember Michael Jackson who in defense against future accusations had his entire life videotaped? First thing they did was seize all the videotapes, none of which was used by the prosecution, and none of which was the defense allowed to see.
Privacy laws are a nice thought, but it seems so often they're ignored. I think what we need is laws that require technology that ensures that privacy cannot be violated. Safe storage and transmission of data and so on.
When I saw advertisements for online file storage for cel phones, I figured privacy as we know it is dead - even if it's typically illegal, it is now technically possible to do the following:
- Someone snaps a cameraphone pic and your face is in the background.
- As part of an investigation, the server holding the pictures is confiscated, and face ID/tracking software is applied to the whole cache.
- EXIF data in the camera fills in the blanks about exact time the photo was taken, and ever increasingly now, geotagged with the exact GPS coordinates it was taken at.
Now it's known exactly where you were and when, regardless of your willful participation in the photos. If you're in enough, for example someone who's into using Facebook or other social networking sites, a profile of your behaviour and where you're likely to be at any given time is now compilable with a few clicks and off the shelf software and hardware.
Richelieu was partly right. It'll be easy to embarrass just about anybody by quoting something they said in an e-mail. But it'll be next to impossible to get them convicted for it, because e-mail is easy to fake, and it's therefore very hard to prove who wrote it.
Even if someone's ISP has records showing that someone logged in as you at time X and sent message Y, your password could have been stolen without your knowledge. An agency with the ability to subpoena such records might even prove that someone at your phone number was calling the ISP's login number at the time the message was sent. But that still leaves doubt. The only absolute proof that the message came from your PC would be if the ISP saved the IP packet stream -- and that still leaves open the possibility that a 'botnet/virus hijacked your PC to send the message.
I suppose someone who knows you and reads the message could make a case that it "sounds like you". But without the knowledge to evaluate that claim, there's always going to be enough reasonable doubt to prevent a conviction, at least if I'm on the jury.
As someone who has pondered the idea of public office at some point in the future, I am terrified by the prospect that conversations I've had may become public. I "grew up" online, so to speak, and I've said and written things that neither represent who I am, nor my values today. (Who didn't when they were teenagers?)
Written skeletons in the closet. Of course back then I didn't care, simply because the idea of public office was laughable. I didn't have a crystal-clear idea of what I wanted to do with my life. I rather do, now. Or I should say, it is becoming clearer...
Unfortunately, it is virtually impossible to go back and delete these message board posts. They are on permanent record without spending some serious money to go back and buy the message board they exist on to remove them, and the other posts that quote them.
Very frustrating. I suspect, though, that this will become more common in the future, though. Maybe it will all be a wash... In any event, I am far more careful today.
Very well put, Bruce. I hope that we can get the boneheads in Congress to better consider these issues than they have in the past. Probably not, but I can still hope, and be glad that there are some sane voices in the wilderness.
Not to be the only discenting voice here, but isn't this always the way it's been? Excluding your family and close friends, do you ever talk without knowing that the person you're talking to is probably going to remember what you say - and maybe pass it on? What is that saying, "gossip kills".
The only difference is that instead of leaving conversation trails with humans to remember and pass on (probably in modified form to boot), we're doing a lot of it on computer.
We did see Obama's ephemeral conversations come back to bite him - it doesn't matter that it was perferctly innocent, his associations with different people in his past were used in an attempt to discredit him. No computers involved there, same effect though.
Nobody is recording the voices in my head, and they're all happy about that.
But seriously, I'm with David Hayes, up above. After going through my first discovery process, and having the lawyers laughing at our frantic and coarse 3 am back-and-forths, I've learned to always assume that somebody other than my intended recipient will read any email that I write or IM that I send.
It leads me to be much more careful about what I say in an email, and what kind of things I tolerate others saying, but it's become a habit.
We can also seek to invalidate the public trust in such logs so long as each message isn't signed by the sender cryptographically.
Reply to original article:
Why the obsession with deleting stuff and keeping it private?
I think we will have achieved progress when most things become readable by most interested people with no one giving a second thought to it - not when we manage to pass a bunch of legislation supporting people's neurotic compulsion for privacy.
Unless someone can show how a transparent world would disadvantage us all in some way.
What happened to signatures?
Sign something and it is official, do not sign and it is ramble. Worked well for centuries.
"Suppose you did record everything and keep it indefinitely. Then someone comes up with their own record of your activity which includes many things not on your list. How do you prove they made it up? You cannot."
And that is as they say the rub.
In communications security we glibly talk as though we can prevent against injection or replay attacks. We likewise talk about Man In The Middle attack prevention but we always miss the point. The Shannon model assums only two willing communicating parties and an adversary trying to disrupt an active conversation. It entirely missess that a reply attack can be used at a later time with an unknown third party with whom neither of the original communicating parties have ever had a communication (or wished to).
There is a limited defence against an inept injection attack which is "meta evidence" which is evidence about evidence, and is usually used to show that a document etc has been withheld or is missing not show that it is false.
This is based on a human assumption that nothing exists in a vacum and therefor it effects everything around it to a greater or lesser extent (like the wake in the sea from a boat).
Therfore it should be possible to show that something does not fit in as there is no visable effect on the surrounding objects in the time line (boats displace water equivalent to their mass etc).
This idea of objects effecting each other is the basis for forensics, usually expressed as Lockhart's Principle of exchange (transfer of trace evidence between objects such as the suspect and crime scene).
However it assumes an "actuality of immutable pressence" which something ephemaral like data does not necesarily have. That is in the past a written document existed and in the case of books and newspapers also in many copies. Therefore an accurate historical record was possible. Further if somebody produced a document it was possible to forensicaly check it's physical charecteristics for time and place authenticity.
However with the electronic form of newspaper this does not exist any more (but could) and as has been seen in civil cases judges have ordered that data should be removed or altered. Worse (as can be seen through various caches such as google) some online newspapers change their stories themselves without actual acknowledgment of the update...
But if the person doing the injection has enough information and they are not inept it would be possible to weave a number of small objects in, in a way that appears to be valid but is not. As they have your record your problem of finding discrepancies then becomes much harder as you probably don't have access to any other records.
With regards to Michael Jackson, I was unaware of the video tapes so cannot comment on it.
But yes It was one of the many things I was alluding to in my,
"leaving amunition for the enemy"
comment. Although I was assuming it would more likley be used for an active attack (ie out of context / falsification etc) than a simple denial of service (access) attack.
Although I do remember there was a comedy "road movie" where an inoccent man who had been convicted because the evidence that proved him innocent was declared inadmissable by the court. And I am aware of simmilar tactics being used when people go through appeals.
"- EXIF data in the camera fills in the blanks about exact time the photo was taken, and ever increasingly now, geotagged with the exact GPS coordinates it was taken at."
Don't forget cell phones can now be used to localise you to within a few meters of where you are for "emergancy purposes".
And what bigger emergancy can there be than the search for suspects (sorry witnesses) in a high profile case...
Then of course if you live in London there is the backdoor ID card called the "Oyster Travel Card" where all your journy uses are logged in Transport for London's (TfL) databases. And keept effectivly indefinatly for "fraud prevention reasons".
And joy of joys the congestion charge system (coming to a place near you real soon) where vehical number plate readers track you movments which are stored in another TfL database again effectively indefinatly.
Then there are credit store loyalty cards logging your purchases and when. And again these records are effectivly kept indefinatly.
Then there are those ever present CCTV systems which since the (underground) "London Bombings" TfL companies (can) keep almost indefinatly.
I know full well that when I step out of my front door within 50 meters I can be seen on CCTV and can be followed several miles into my nearest major shopping center. And although I think the footage is not currently stored in a high tech system it will probably happen soon (due to the cost of man power).
Location privacy is very much impossible in this day and age in places like London today and we only have the illusion it is simply because of the manpower costs.
At some point all of these databases will get tied together simply for the reason it is technicaly possible and some sales person will show it can be used to save money...
We've just had 4 years of an administration who thinks secrecy is a top priority. I sure wouldn't object if we had an overcorrection.
Besides, as one of Barack's employers, there's a sense in which I'm entitled to see what's on his Blackberry.
@Denis - so you're a fourteen year old girl and you want to look up the symptoms of chlamydia on the family computer. Can anyone think of a reason you might want to keep that to yourself?
Unless, of course, privacy and private messages have constitutional protection:
"Section 10 - The right to privacy
Everyone's private life, honour and the sanctity of the home are guaranteed. More detailed provisions on the
protection of personal data are laid down by an Act.
The secrecy of correspondence, telephony and other confidential communications is inviolable."
This is why I destroy my online self every year to two years. I have done so since the late 90s when I was in my late teens. I learned an important lesson back then about putting my real name on the net, and also other handles that were associated with that name, after an anonymous poster (probable troll) threatened to find me and kill me. Since I lost nothing in deleting my cyberself (they are after all mostly boring ideas from a nobody) I have done so continuously for ten years. I recommend others do the same.
It also with some humor that it is often those who put their full online life for everyone to see who are the first to scream about government surveillance of their lives (take a look at any left leaning political site, it only takes a few seconds to google the handle some outraged progressive is using, and the odds are good that you'll find that he/she has their entire life unfolded online).
any reason not to mention Goldberg and Borisov's OTR (off-the-record messaging) protocol?
(For those unfamiliar with it, it is designed to meet precisely this problem. Several instant messaging clients already support it.)
> Unless someone can show how a transparent world would disadvantage us all in some way.
Easy. If by some magical means absolutely all information was equally, practically accessible to all, full transparency would give enormous power to those with the greatest ability to process this information, which means the entrenched power elites.
In reality, at our current state of technological evolution, it is physically impossible to guarantee total equality of transparency, so there will be varying degrees of exposure. This would give enormous power to those with the most ability to ensure that they are least exposed, and to process the exposures of others. That is, the entrenched power elites.
Your utopia is a recipe for eternal tyranny.
Danny O'Brien touched on this in a piece about the end of the private register. His thesis is that the analogue world had a space between the public and the secret, out in the open though not findable by those unconnected to it, which communications technology has eroded. He wasn't speaking so much of surveillance and potential consequences of off-the-cuff remarks on a permanent record but of the social conventions of what constitutes the public sphere, though it ties in.
It's important that our leaders feel free to engage in ideas without feeling like a paper trail will leave them open to witch hunts later. Unfortunately, we'd rather string them up so we insist that it is illegal for anything that is written conversationally to be deleted.
Therefore, presidents just isolate themselves even more. Give up the Blackberry, don't use mail, only converse with an inner circle of trusted advisers. Never write anything down.
This is not good either. Bruce is not completely wrong when he says transparency in government is key to liberty, but if leaders feel they must shut themselves in or risk a scandal, they will simply isolate themselves even more.
"It leads me to be much more careful about what I say in an email, and what kind of things I tolerate others saying, but it's become a habit."
And that's the real shame of it. The chill factor. Most of us now have relationships that exist only in electronic form, and we're reluctant (for quite good reasons) to even discuss certain ideas in that format. If certain undesirable ideas can only be communicated verbally in small groups, we have lost quite a lot.
@idontthinkso: "This is why I destroy my online self every year to two years. I have done so since the late 90s when I was in my late teens."
Unfortunately for many of us, this isn't really a practical option. We may have "brand value" in our online selves - people who know us by reputation as a given persona. For instance, some people think I have a clue regarding computers, Linux, security, and a few other things - mostly based on the fact that I have a history going back over 3 decades now. If I shot down my online persona every 2 years, then every 2 years I'd re-appear in the same forums and have to re-establish my street creds all over again.
And the worst part is that if I do that, I can't say "I used to post as foo@bar", because the instant you do that, you totally blow your new persona's cover.
For that matter - when you blow away your persona, do you do so *without* sending everybody a "I'm now at foo@bar" note? Or do you have to go make a whole new set of online friends, and never again contact the people you used to know?
Now keep in mind that if somebody is trying to correlate your various persona, the *FIRST* place they'll look is your parents/siblings/kids/SO's. If your mom and SO were both sending e-mail to foo@bar until 05/15/07, and both started sending to baz@quux that day, foo@bar and baz@quux can be linked pretty easily.
It just isn't as easy as "Just delete yourself every 2-3 years".
Sorry for the muliple Johns above. I picked a name someone else has been using (shocking that there is more than one John!)
Any case, I do think it would be a good idea if telecommunications companies could not legally retain private communications for a long period of time. Of course, that is much easier said than done. And it is not without flaws. Most solutions, even the good ones, come with downsides, and we're never going to solve these problems if we aren't willing to accept that.
"Goldberg and Borisov's OTR (off-the-record messaging) protocol?"
Looks good but users still need to be very careful with it...
There are potentialy a couple of little flys in the ointment.
The first off is traffic analysis with an instant messaging client this is goging to give a good corelation between Alice and Bob...
Secondly if for some reason the plain text becomes available (say from bob) it could be subject to various forms of analysis to show it probably was sent by Alice.
The first is people don't usually talk about things in a vacum and unless it is idle chit chat the subject is likley to be related to other evidence via at a minimum context which could possibly be discovered by other things (or Bob could provide supporting evidence).
Secondly it is possible to analyse the way people speak and write and show and compare style. In all but the briefest of messages this would certainly be a significant pointer (again bob could provide other examples of Alice's writting for the purpose).
If you then tie together the time stamps context and style analysis and say other evidence such as who was in the know then it might be easily possible to convince a jury etc.
So gaurded and styalised language would be important for Alice to use as a bare minimum along with traffic analysis foiling techneiques (oh and making sure their is a Patsy to take the fall ;)
I've understood this problem since I was 16 years old, embarrassed by what my 14 year-old self wrote on alt.something. I can't wait until my Usenet idiocy derails my city council campaign...
Can't begin to tell you the number of meetings I've attended that were organized with a phone call, and included the words, "don't bring a pen or paper."
The ramifications of everything being written are that everything is being retained. Unfortunately, that retention leads to things like the Federal Rules of e-discovery, and the unfortunate side effect of every IM and email being retained for a duration not to exceed the statute of limitations.
What a great time to be a forensic practitioner!
"We shouldn't have to depend entirely on having a sensible person in the White House to protect our civil liberties. There ought to be an institutional, bureaucratic counterweight to the securocrats, to ensure that at least there is formal consideration given to concerns about privacy and liberty."
This already exists. Its called Congress and they have failed us miserably in the last 8 years. The president cannot pass laws all by himself. Congress could shut him in a little box and keep him there if the will to do it were there.
My hope is that conversations that are not meant to be public are kept that way in the minds of the people who may find out about them. The idea that what a president puts in an off-hand remark to a subordinate should be construed the same as public policy is stupid. We should allow all people privacy and the right to say something stupid once in a while.
@Andy: "We should allow all people privacy and the right to say something stupid once in a while."
Agreed. Almost everyone makes off-handed remarks from time to time, even on email and cell phones where they think they are just making a comment to a friend. I look back on my posts even here on this blog and think "man, that didn't sound how I meant to sound." Another thing is when people when casually discussing things, like we are now, say something they don't necessarily agree with, just as a consideration.
Since we are talking about president-elect Obama, I'll interject Bush as an example. I'm not a Bush fan (although sometimes I sound like one because some of the accusations I defend him against are seriously absurd), but I never was bothered by the time a microphone picked up that he had whispered to a collleague that someone was an "a$$h0le." Not the best offhanded remark with mics near, but most people have commented negatlively on the attitude of others in public, even just as a whisper. It wouldn't be smart, but I could see how an intelligent person could respond on a Blackberry "what a jerk" (or worse). I don't think any of us want those popping up.
This is why I think service providers should purge records after a reasonable period of time. I realize they want proof when someone disputes a charge ("oh yeah, I did send that text"), but how long does anyone want things to come back to bite them? I'd hate for a 10-year old text to be used in a campaign commercial against me.
I don't see how a data privacy law is possible without totally throwing out free speech.
For the public at large the threat isn't legal proof that they said something, if this was the worry the better choice would just be to change the law so that the sort of things most of us do aren't illegal (or are a minor fine like speeding). The problem is simply the spread of information about what we've said or what we've done. It doesn't matter if your potential employer can prove that's you on flikr mooning someone or smoking a joint. It doesn't matter if it can be proved that the semi-racist remark can really be proved to be something you said as long as it convinces others.
But this sort of information can't be stopped from appearing on the internet unless the law prevents people from describing what they saw or posting their vacation pictures. The inevitable advance of search technology means that I'll be able to learn about person X's spring break in cancun by searching through vacation photos from other people. Even if I have the ability to pull my own past comments offline that doesn't protect me from comments about me by other students from my highschool/college/first job.
In my opinion we need to simply accept that this will happen. It won't be the end of the world. After all 200 years ago most of us lived in small villages where everyone remembered the stupid shit we did when we were young and gossip revealed all of our affairs.
I agree with David Brin. The danger isn't that we will lose our anonymity but that we will try and cling to it in such a fashion that the politically powerless lose it first. We can already see this happening with crime cameras and other systems going up only in poor neighborhoods. That is what is truly harmful. For instance if the drug use of rich white guys was a visible as that of poor blacks do you think it would still be illegal? I doubt it. But unequal levels of anonymity make it much easier to get on one's high horse and use that information against people.
BTW, I want to thank you Bruce for not misusing the word privacy.
Things are private if only a limited number of chosen people have access to that information (e.g. a transaction between you and a buisness or something that happens inside your home). Things you do on a street or at a party are public but we tend to expect that this information won't follow us.
What about the silly belief that extracts from private conversations are candid and revealing? An attitude is commonplace these days is that a snippet of overheard conversation is likely to reveal the true mind of the speaker, when I would argue that it does nothing of the kind: conversation with a long-standing acquaintance implicitly carries years of unspoken context, as well as being adjusted in a direction sympathetic to one's conversational partner.
Given a record of everything I've said in what I imagined to be an ephemeral, private context, it would be possible to demonstrate with a few short quotations that I believe anything you choose. More to the point, a few short excerpts, if they are comprehensible at all, are likely to leave an essentially random -- and false -- impression.
Last time this topic came up in this blog, I posted a Jane Austen quotation that implied the above was once generally understood, but this knowledge seems to be largely lost today.
If "Subjecting the president's communications to eventual public review" is a good thing, then why shouldn't that apply to all of his (non-classified) conversations be a matter of public record, in the same way that the president's emails are?
Storage long ago crossed the point where recording audio 24x7 for a lifetime became inexpensive and feasible.
On the other hand, if the president is allowed to keep voice conversations ephemeral, why is the president not allowed to do the same with email?
(cue nixon tapes)
Check this out: The Australian Police have subcontracted a private company to spy on the web conversations of citizens.
These are the same police that screwed up the Haneef Case and whose boss predicted he faced a threat from cyborgs cloned by criminal gangs. God help us.
This conversation has me thinking of the proliferation of Web 2.0 apps like "Remember the Milk" and other. People recording in not-so-private space what were ephemeral things like to lists and shopping lists.
You could change your nom de web every twoyears, but the style of your posts, can be as easily identified by a computer as your face can, and the social network you interact with is already being charted by the NSA. Governments are the worst of criminals, no crime is as huge as the ones committed by governments. Bailout is the biggest theft in history, and is the policy of the party of hate, division, and class warfare, The people who caught Elliot Spitzer by combing his bank records, as they are doing yours.
the new generation with the openness should help to swamp these fools abilities to assign negative and permanent meanings to ephemeral thoughts. A jury of facebookers wouldn't buy into the rovian political prosecutions, like the Siegalman pogram in alabama. these same people deleted every record of the bush desertion.
I'm coming late to the discussion so I'm going to respond to many things in one post:
"do you ever talk without knowing that the person you're talking to is probably going to remember what you say - and maybe pass it on?"
There is a huge difference between someone's memory and a tape recorder.
"Besides, as one of Barack's employers, there's a sense in which I'm entitled to see what's on his Blackberry."
Really? Do you think that your boss is entitled to listen to your home voice mail?
"some people think I have a clue regarding computers [...] based on the fact that I have a history going back over 3 decades now."
I seriously doubt that many of the people you talk to online check your posting history. Anyone who is going to do business with you is going to want more than Usenet as a reference.
" I can't wait until my Usenet idiocy derails my city council campaign... "
Shouldn't happen. You just say: "Yes, I said it, and it was stupid." Don't try to justify and don't try to cover it up.
What are "underage men", exactly?
David Brin, _Transparent Society_, and also the "private sphere" concept from Heinlein's (1939!) _For Us, The Living_.
(sorry terse. "I'm on my blackberry, which has a small keyboard with more than one letter per key, so typing is hard. This is a recording.".)
When I was younger--in the 1950--a very common saying was "Never write anything you don't want to see on the front page, and never say anything you would't want repeated." By that standard, maintaining the privacy of ephemera, was a difficult thing, and in the smaller, and real vs. virtual, spheres we lived in--villages, towns, schools, etc.--the mere repetition, as opposed to the more modern worldwide broadcast, of a faux pas was painfully humiliating. Has technology brought on a fundamental change? I think not, we must still be circumspect. What we are aware of now is that the supposed "empowerment" of technology that we have chosen contains additional risks.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.