Slashdot Mirror


Designing Software With Privacy in Mind

dalektcalum writes "Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts off by covering the basics of privacy, and privacy law, and then moves on to the important component: how to design software that properly protects users' privacy. The majority of the talk is spent on design principles, but also examines specific technologies (such as Elliptic Curve Cryptography)." The site includes a flash video of the talk, but there are also several torrents for folks who want to avoid hammering their servers.

7 of 77 comments

  1. important points by crazyirishhobo · Score: 5, Interesting

    Privacy is really important, and watching this talk makes me realize I have not been doing my part as a software developer to respect users' privacy. Hell, I log way too much information, just to make debugging a little easier on the off chance I have to debug it in production. I'd encourage all software developers out there to watch this talk, and take its message to heart.

      1. Re:important points by quanticle · Score: 2, Interesting

      If you have problems in production that you don't have in test, then you're not doing your job properly. Ideally, you should be getting problems in test that you don't get in production, as you're pushing your code past realistic limits to see how it fails.

      --
      We all know what to do, but we don't know how to get re-elected once we have done it
  2. A concrete example for Gmail by shanen · Score: 2, Interesting

    Picking on Google because of their prominence, but this is how Gmail could be designed to really respect my privacy by storing the data on my own computer. (This would also take care of the 2 GB limitation.)

    The email and the indexes would live on my machine. When I'm reading some email with Gmail, it would scan the email and send only the appropriate keywords to Google, and they would respond with the appropriate ads to be displayed in the appropriate boxes on my computer--but they would not have any direct access to my email once I had received it.

    This would actually open up a new field of backup services for email. Google could encrypt the email on my machine and backup only the encrypted data at their end. The encryption and decryption key need never be seen at their end--though of course I need to store them somewhere apart from the machine that is being backed up. They could also provide email syncing services in the same way without ever seeing the clear data that is being synced.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
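A worked sketch of the encrypted-backup half of that design, added here as an example (it is not code from the post, from Gmail or from Google): the AES-GCM key exists only on the user's machine, the backup service stores nothing but sealed blobs, and the names BackupService, Client, Backup and Restore are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// BackupService is the hypothetical server side: it stores only nonce||ciphertext blobs by id.
type BackupService struct{ Blobs map[string][]byte }
// Client is the user's own machine; it holds the only copy of the AES-GCM key.
type Client struct{ aead cipher.AEAD }

func NewClient(key []byte) (*Client, error) { // key must be 16, 24 or 32 bytes
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Client{aead: aead}, nil
}

// Backup seals the message locally and ships only the sealed blob to the service. The id
// is bound as associated data, so a blob filed under another id fails on Restore.
func (c *Client) Backup(svc *BackupService, id, plaintext string) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	svc.Blobs[id] = c.aead.Seal(nonce, nonce, []byte(plaintext), []byte(id))
	return nil
}

// Restore fetches the blob and decrypts it with the local key. Any change to the stored
// bytes fails authentication, so a corrupted backup is detected rather than silently used.
func (c *Client) Restore(svc *BackupService, id string) (string, error) {
	blob, ns := svc.Blobs[id], c.aead.NonceSize()
	if len(blob) < ns {
		return "", errors.New("no backup for " + id)
	}
	pt, err := c.aead.Open(nil, blob[:ns], blob[ns:], []byte(id))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}
```

The key management the post mentions (keeping the key somewhere other than the machine being backed up) is left out; a real deployment would derive the key from a user secret or an escrowed backup key.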
  3. Hey! Me too! by denzacar · Score: 1, Interesting

    I thought that there was going to be some talk about MicroSoft's, Adobe's and others techniques for acquiring and maintaining market share...
    You know... all those copies of Windowses and Offices and Photoshops and etc...
    Being so easily distributed and pirated that I am yet to see a user with a licensed Windows copy. Or a legal copy of Photoshop...

    --
    Against stupidity the gods themselves contend in vain
  4. Re:Privacy by RAMMS+EIN · Score: 4, Interesting

    So, perhaps you can explain to us all exactly why privacy is so important. The whole story, because I'm sure we've all seen bits and pieces before. What exactly is the risk in letting some organization know everything about everyone? Would the same risk exist if everybody knew everything about everyone? Is the only organization we need to be afraid of the government, or are there others? What are the different kinds of information we need to be concerned about, and what are their relative values? If you could gain a hundred dollars by it, what would you be willing to give up? A million dollars? Your living expenses covered for the rest of your life? What information would you never want to give up, no matter what the reward? Does it depend in any way on societal taboos? If so, isn't the real problem the taboos, not the availability of information? Wouldn't the taboos disappear once we knew, for example, how many people really had visited porn sites? If you did something illegal and the government knew, a malicious government could arrest you for it. A malicious government could also arrest you even if you had never done anything illegal. So what does it matter what the government knows? Etc.

    --
    Please correct me if I got my facts wrong.
  5. About Having Nothing to Hide by RAMMS+EIN · Score: 1, Interesting

    Remember, if you have nothing to hide, take off all your clothes!

    --
    Please correct me if I got my facts wrong.
  6. Down with privacy? by hdon · Score: 3, Interesting

    I'm glad some people are being honest and asking questions. Kudos to RAMMS+EIN.

    Claiming that privacy's significance is fundamentally rooted in philosophical axioms specifically about privacy is all fine and well, but for those of us who live for more important things in life, something a bit more substantial is required.

    IMHO, the significance of privacy breaks down into four issues, all derived from axiomatic benevolence (a very popular axiom):

    1) Societal taboos: Society is irrational. Most people are not bright thinkers, and have a great deal of difficulty with the abstract logic required to view all aspects of life from an objective point of view (no, objective POV does not mean mean or median point of view; FOX news is not "fair and balanced.") If we lived in a society which had a strong rational majority, this point would be rendered pretty irrelevant. Take the relatively recent acceptance of homosexuality by society: if society were largely rational, then pre-existing societal taboos would not be a compelling reason to protect people's privacy. However, since social revolutions don't occur overnight, the only way to let such people live in peace is to give them a degree of privacy within which to live. If we took away their privacy now, many people might simply choose to wholly deny their secret inclinations, and no social revolution would ever occur.

    2) Omniscience versus state secrets: Are the majority of surveillance advocates actually suggesting we divulge all state secrets? Personally, I'm in favor of an entirely transparent government. However, if this is not part of the no-privacy deal, get ready for a kick in the nuts: The power to erase privacy is an awesomely frightening power that makes conspiracy theories start to look like real possibilities. If you're used to summarily disregarding conspiracy theorists as raving madmen, and you don't think privacy is important, get ready to change your tune. Once the kind of concentrated surveillance power the Bush administration dreams of actually exists, there ceases to be a practical limit to domestic black ops. The most convoluted of conspiracy theories will no longer be relegated to novels; it will really be able to happen. (I'm not accusing the government of doing anything like this, but the government isn't a single person. Resist the inclination to personify organizations; they aren't that simple. A single rogue government agent with sufficient power would be all that's needed.)

    3) Revolution: Strongly related to the first two points is something that has already been demonstrated (and demonstrated against) in our own country. Giving the government or the public access to everything you read is not completely unlike giving them access to everything you think. There are people in our country, including many of middle-eastern descent, who have a real, credible fear of purchasing certain books with a credit card, or checking them out at a library. Profiling, no matter how distasteful, is real, and its role in law enforcement is not going to go away. Beside that, there is the issue of trial in the court of public opinion: People should not have to face ridicule or discriminatory treatment for entertaining or studying currently-unfavorable ideas. Our culture would be locked into the status quo, with no opportunity for radical improvement.

    4) Law enforcement: Although this point is largely predicated upon the potential for a fully pervasive surveillance system, it's still an important consideration. A public policy dismantling any notions of personal privacy does not automatically compel individuals to actually comply to the point of volunteering the most private details of their lives. Every person with a vibrator or porno collection to hide would be highly suspect in a community where everyone let the cops rummage through their homes on a whim. This is the same reason I use encryption to communicate with friends and colleagues, and the same reason that I don't allo