Thoughts on Privacy

Posted on April 9, 2005

Ordinarily I’m a geek that spends an inordinate amount of time tinkering with code and breaking things. Lately I’ve spent a lot of time reading about privacy issues, tools, and where all this is going. The more I read about the abuses of privacy rights the more wild-eyed I get. I’ve caught myself ranting about the invasion of the government into my privacy. While I stand by that rant, my feelings about this kind of thing seem to be bumping into a grey area that I’m not sure I’m comfortable with.

The Patriot Act caused many of my librarian friends to come unglued about the possibility of an evil FBI agent storming their reference desk demanding access to their public use Internet kiosks. I would respond with, “Any idiot doing something stupid on a PUBLIC OWNED machine SHOULD be spanked”. I stand by that point still. Then came the TSA and their wishes to log airline passengers and develop a database for tracking folks, to which I responded, “In this day where airplanes are taken over and converted to guided missiles there is some comfort in the Feds trying to keep track of who’s flying.” I stand by that statement as well. Of course, it’s easy for me to stand by both statements because I don’t use public Internet kiosks and I don’t fly regularly.

I read the Sandia article and realized that there are people out there doing their level best to protect MY private information…and looking in the wrong direction. It seems that folks are trying to protect something by building hedges around it…which is the normal tactic. Unfortunately, to protect an individual’s privacy this way we have to assign that “privacy” to a Trusted Entity which becomes the Hedge. How long will that Trusted Entity continue to be trusted and what happens when the trust is violated?

Treating privacy as a sacred object isn’t the answer, I don’t believe. True, it is sacred, but to protect it we have to protect where it is stored and used. I’m not sure a solution will be found if we continue thinking like the well-meaning lads at SNL who seem to be headed down the “protect privacy by doing away with it” rabbit trail.

How do we protect where it is stored and used? There’s the rub. To use something you must expose it. It’s the Chicken-Egg problem. The traditional method of solving this problem is to kill the Chicken, which seems to be where SNL is headed. Is their position simply that we cannot protect privacy at the environments? We’ve been trying to protect these environments for a long, long time and the attackers keep getting one step ahead of us. More often than not the protection mechanisms are simple userid-password mechanisms, and that’s not going to work in this reality where people continue to use dictionary words for passwords and userids are made simple. We have other options like biometrics. If you consider the threat of an attacker gaining your online bank account password as troubling, imagine someone gaining your biometric signature! You can change your password but you can’t change your fingerprint or retina signature.

So here I am. A “keep the Government out of my Faith, billfold, and Internet” kind of guy who doesn’t seem to mind the Government watching me in the public forum (airlines, public use computers, etc.). Seems a bit hypocritical to me when I look at it, but it is what it is. As the world continues to spiral more and more to a “Wired” world and so many well-meaning people are approaching the protection of MY privacy from the dead chicken perspective, I’m left with the very real possibility of my personal political pendulum swinging very hard and very fast in the other direction. Slippery Slopes are difficult to stop. If we are willing to allow a raid on a PUBLIC computer for the “protection” of our Country, then how far of a logical leap is it to allow a government computer to keep and protect my private information? After all, we have trusted the Feds NOT to get the websites innocent Joe visited while he was at the library prior to Mr. Barbarian’s visit to his Hezballah comm site…right? If I trust the Feds to do it right in the first instance…what right do I have to think otherwise in the second? *sigh*

Last modified on April 9, 2005

Categories: InfoSec