US Official Urges Americans To Reconsider Privacy

Privacy no longer can mean anonymity, says Donald Kerr, a deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguards people's private communications and financial information. "Protecting anonymity isn't a fight that can be won. Anyone that's typed in their name on Google understands that," said Kerr. Kurt Opsahl of the EFF said Kerr ignores the distinction between sacrificing protection from an intrusive government and voluntarily disclosing information in exchange for a service. "There is something fundamentally different from the government having information about you than private parties. We shouldn't have to give people the choice between taking advantage of modern communication tools and sacrificing their privacy." Kerr's comments come as Congress is taking a second look at the Foreign Surveillance Intelligence Act, requiring a court order for surveillance on U.S. soil. The White House argued that the law was obstructing intelligence gathering.

I'm willing to give up my privacy

[m2943]

if the US government--president, NSA, CIA, FBI--are willing to give up their secrecy.

What is intolerable, however, is for government officials to have a lot of information on private citizens, but for private citizens to have little information on the government.

Is this guy joking?

[rolfwind]

"There is something fundamentally different from the government having information about you than private parties."

Definitely. For one, I can choose not to interact with certain private parties if they piss me off. But I probably can't choose to ignore the government and have to interact with it on some level.

Also, private parties can't demand I hand over certain private information -- sure, they might decide not to do business with me, but the government seems to think it's priviledged to anything and everything since the Patriot Act. Good luck turning them down.

Now it's no longer based on evidence that a crime was done -- we are welcomed to the pre-emptive society. Pre-emptive wars. Pre-emptive invasion of my privacy (without warrant) based on crimes that might happen. I'm just waiting to be pre-emptively thrown in jail.

I find it interesting that this government official is trying to sell us on the government safeguarding our information. HAH! What a joke.

Legal terms to promote privacy

[Benjamin_Wright]

The article notes that kids reveal much private information about themselves on myspace and facebook. Some fear that this information can damage a kids employment prospects. Heres an idea: People could post legal terms of service on their social networing pages declaring that employers and prospective employers are forbidden from looking at or copying from the pages. Such terms would be like No Trespassing signs on land. Some case law supports the notion that terms posted on a web site can restrict the right of visitors to gather information off the site. Arguably, if an employer grabs information off of a site in violation of posted terms, and that leads to termination of an employee, then the employee could sue the employer for violating the terms of the web site. Even if the terms are not legally binding on the employer, they could be ethically binding.

Firefox add-on

[Janos421]

For those of you who want to protect their privacy, I've made a light Firefox add-on which generates randomly some queries on Google to make your search profile noisier and less exploitable. The queries keywords are extracted from RSS flows so you can personalize them. Moreover, the program simulates some clicks on Google search results (and ads).
For further information go on: http://sourceforge.net/projects/fuzzy-search/
It's a beta version and any comments are appreciated.

Re:Security Through Obscurity

[Stanislav_J]

I have yet to see anything turn up relating to me via my legal name (and variations) on Google. I don't know whether to be relieved or insulted.....

Basically, the more public the life you lead, the more apt you are to be found on Google. I've led a very hermit-like life and am very, very careful about who gets my personal information and why. Google knows me not -- I've never been the subject of or quoted in any news stories, I have not worked for any company or belonged to any organization that might put a staff or membership list online, etc., etc. Even if you try the various public records searches, my name will pop up occasionally, but 95% of what turns up is outdated information anyway, and what is there could be found without the Internet via a trip to the courthouse. I am well aware that the tide is turning (has turned) and that you can't totally hide in this day and age. But at the same time, that doesn't mean I'm going to hand over the details of my life on a silver platter. I understand that if someone really wanted to find me, they could. But at least they will have to work hard to do so.

We do need to redefine privacy - with cryptography

[vkg]

At the end of the day, you can't use somebody else's computer, and expect privacy. You can't use somebody else's network, and expect privacy. If I jack into your ethernet hub, you're going to have the possibility of reading my traffic unless I use HTTPS / SSH / GPG etc.

That's our real relationship with Comcast, with AT&T and so on. They're snoopy sysadmins on a gigantic scale, and we should treat them like snoopy sysadmins of any other kind: encrypt and tunnel all traffic, and push back technically as hard as we can. P2P has led the way on this, but it's really time we stopped dinking around and started defaulting to HTTPS even on sites like Slashdot.

On the broader level, I did some work on this (ironically, the first draft of the work was done for the USG.)

http://guptaoption.com/4.SIAB-ISA.php

It's a system - built on open source software for the most part (and the remaining stuff could be built) - which provides for a rock solid personal identity card which has three critical properties:

* all your personal data is encrypted, and only a court can decrypt it
* the card has no unique identifiers on it, and you have dozens of cards (that you leave with institutions like your bank to "anchor" your account)
* it's dirt cheap and secure enough to entrust with biometric data like DNA fingerprints.

Concerted effort to produce an open alternative which offers strong security *AND* strong privacy by carrying the debate to a higher technical level than schemes like RealID is long past due.

Phil Zimmerman settled the encryption issue for most of a generation with PGP. It's time for us to consider doing the same for general communications snooping, and then moving out into areas like the poor protection of identity in systems like the Social Security Number-based credit reporting system.

We can do better, and we must.