CFP2000 - Freedom and Privacy by Design

The organizers of the next Computers, Freedom and Privacy conference, to be held April 4-7, 2000, in Toronto, Canada, are issuing a Call for Participation in a workshop entitled "Freedom and Privacy by Design" - how to use technology to bring about strong protections of civil liberties against governments and businesses that would censor or snoop. I plan to attend: give me some ideas!

Encryption everywhere.

[pb]

Don't use telnet, use ssh. Got any sensitive e-mails? Time for PGP or GPG. (GPGPGP? Ahh!)

Why, you say? I don't have any data anyone would care about? Well, you might be right, but don't use that business e-mail account for personal reasons if you care about your job. And remember that the company might be logging your web access too, checking it against company policy. Chilling, isn't it? It's practically standard procedure nowadays.

Also, if you encrypt your stuff, and you usually have nothing to hide, and others do the same, eventually it gets much harder for anyone to snoop on the internet. They'd generally want to attack people who send unencrypted streams of data... Sucks for them. :)

Also, some common sense: Don't leave any encryption keys lying around if you care about your identity. In the future, I'm sure this can only get worse, and not just for Sandra Bullock. And saying "encrypt everything" might sound cool, but alas there are a few places where it isn't a good idea for everything. Like slashdot, for example. I wish my user account / password was secure, that would be nice... (the lesson here: have a throw-away password for the WWW, since much of the submissions are in plaintext, or a reasonable facsimilie) But I could care less about the actual content of my posts, they definitely don't need to be encrypted as they are being posted to a public forum! Like so.
---
pb Reply or e-mail rather than vaguely moderate.

Pointing out the obvious

[Deosyne]

While it probably doesn't need mentioning, encryption is the best use of technology to prevent snooping. The problem with this is twofold, however: 1) governments and large corporations have access to resources far beyond what most folks can muster up, and 2) we really have no realistic idea of what government agencies are truly capable of doing; I mean, who really knows if the NSA hasn't found a way to make PGP its bitch? Yes, the chances are that the large businesses and governments of the world don't have the capability to defeat the encryption that we have access to, but do you want to risk your freedom on a maybe?

With all of the ways that your privacy can be compromised, I really can't think of any other uses for technology that would assist in protecting privacy, especially since technological advances always improve the capability for someone to invade the privacy of someone else; when there are huge companies and governments who can churn out things like spy satellites, wiretaps and shotgun microphones, technology only seems to widen the gap rather than even the playing field. Of course, maybe I'm just paranoid. :)

Yet somehow I doubt it.

Deosyne

What can be done with technology...

[Aleatoric]

can be undone, as well.

Not that we shouldn't still make use of technological solutions where practical, but technology isn't really going to make a dent in the real threats to privacy, i.e. the end points of the chain.

Encrypting the transmission media (for example) won't do much good if the other end of the transmission has no scruples about the distribution of the information that they receive.

Unfortunately, privacy isn't about technology, but about respect. By and large, technological solutions aren't much more than stopgap measures, and will ultimately fail, unless we address the fact that to have privacy, others need to respect that privacy (and we need to respect the privacy of others, as well).

I tend to be loathe to suggest any kind of government intervention, but in some cases, only the force of law will address the worst of the issues.

By all means, we should use all technical means at our disposal to help protect our rights to privacy, such as encryption, some kind of provable authentication that doesn't require your life history to prove your identity, etc., but without a proper social framework that provides for privacy, and meaningful penalties for those that violate it, technology will be of only limited use.

Re:It's about time

[Rares+Marian]

Well It's about time people got a clue. Privacy isn't about shame and vice. It's about being recognized as an individual (which newsjerks falsely equate with uniqueness). It's about having personal control over your time, lifestyle, and your FRREEDOM of ASSOCIATION. Laws are made to deal with exceptions, not to tell the whole world what to do.

Consider the case of Harrison Bergeron (Vonnegut rules): He has an implant that prevents him from concentrating whenever he has illegal thoughts.

Now say everything you do or say is monitored. Do you really think the game stops there? Remember we're talking about humans being the monitors. Paranoia doesn't die when a particular fear is resolved. Paranoia just shifts its focus.

Sure, monitoring all phone calls will satisfy the majority of people working 40hrs a week completely detached scared to death of the world around them.

It will satisfy them about a month, if the news stations could abstain from playing the fear card (NBC and Y2K ring a bell?). Most likely that'll be a week.

Next you'll find that people are still afraid because the problem hasn't been solved and they know it. They know subconsciously that all that has happened is that they treated symptoms of fear and security agencies have made a killing.

So what next? Speculative profiling. Gateway thoughts (similar to that farce the gateway drug).
Attitude adjustment counseling.

So what's wrong with checking up on people? IT'S RUDE. It doesn't merely show a lack of class, but also it shows a lack of respect. You are a permanent suspect from the day you're born. You have no dignity. But the worst part is this:

IT IS DISRUPTIVE. Expressing an idea, producing a work, making a product, and being able to have stress-free periods to do so requires that you are not interrupted. It requires that you are not spending 90% of your time second guessing yourself wondering whether your work violates some vaguely defined votemagnet law.

It gets so ridiculous that such harrassment can be used in place of actually infringing on people other rights because it is so disruptive it hindrance in the same way as actually infringing on their rights.
"Computers should be ... tools... (siglim 120 chars)" Like cars... to the office no more no less.

Time for reliable anonymous transactions ....

[taniwha]

Might be time to set up that Cryptomiconon-style offshore anonymizing data haven .... and run everything thru there

Seriously though I think there's going to be a need for anonymized access to web sites and other net resources - so we can give away our email address without getting spam, our credit card information without getting ripped off, our home address to get something shipped without getting paper spam, our IP address so we're not being tracked around the net, use our SSN without it being being passed around, use our DNA without it affecting our medical insurance rates etc etc

And it has to be done a way that's proactive from our point of view - ie we don't depend on other people that we have to business with, (like the medical insurers, or the retailers or ....) who don't put our best interest ahead of theirs, to be nice to us and respect our confidentiality - gotta start using protocols (net, commercial, social, ...) that don't give them any option

These are difficult technical and social problems.

I suspect that what it comes down to is that we're going to need some reputable 3rd parties (those datahavens) to proxy our transactions for us.

At some levels we already have these - the big companies that sell financial (credit) and medical information about us - today they don't have our interests at heart either - somehow we have to find a way to take back ownership of our data.

I know Europe has stricter privacy laws than the US - anyone want to enlighten us on how they work?

Re:Time for reliable anonymous transactions ....

[kris]

I know Europe has stricter privacy laws than the US - anyone want to enlighten us on how they work?

Germany has a federal law governing privacy, which applies to federal govermental institutions and all non-governmental institutions, including companies. There is state law governing all state governmental institutions, too, and it is usually stricter than the federal law. Privacy law came into existence in Germany as a response to a census in the Mid-70ies, where the Government asked some over-investigative questions and ran into a PR desaster. The law which came from this regulates mainly the relationship between the state as a data-collector and citizens. The relationship between companies and customers was not seen as the major problem at that time and was not as thoroughly regulated. This is changing at the moment.

The basic idea behind all privacy law in Germany is that you cannot collect any data at all without stating clearly and in advance what data you will collect and - that is the catch - without stating beforehand what you will use that data for. It is a violation of the law to use such data for other purpose than specified.

There is a federal privacy commissioner, who supervises federal institutions and (at the moment) companies and other non-governmental institutions. There are state privacy commissioners, who deal with state govermental institutions. The privacy commissioners are fairly independent and report only to the parliament. They have the ability to check about any personal data records anywhere, without stating that beforehand. Usually they do so because some citizen has complained about some irregularity and the commisioner is now investigating this. As a counterweight the commisioner cannot act directly upon his findings, but can only file a report, which will then be acted upon by other institutions, for example the Police, a prosecutor or somebody else, depending on the case. All privacy commisioners produce annual reports of their findings.

The work of the commissioners is currently changing, as responsibility for companies and other non-governmental institutions is shifted from the federal commisioners to the respecive state commissioners. Also, some of the state commissioners (the "gang of 5") are begining proactive work such as technology evaluation, best-practice definition and sample implementations. The best-practice definition is particularly interesting, because privacy law requires that you use state-of-the-art techniques for privacy protection.

There are some interesting alliances forming at the moment between the privacy commissioners and the federal ministry for commerce, as the ministry learned about the importance of trustworthy software in cryptographic applications and understood that only Open Source and peer reviewed software is able to generate this kind of trust. There are several projects coming up in Germany which involve cooperation between the privacy commissioners and the ministry, such as governmentally operated anon remailers, anonymizing web proxies, governmentally sponsored developement and distribution of the Open Source software necessary for this and other projects. These projects will fit nicely into a frame as sketched by the above CfP.
© Copyright 1999 Kristian Köhntopp

Crypto has to be easier to use.

[Paul+Crowley]

We have to make crypto easier to use, even if we sacrifice some security in doing so. Sure, for my most private communications I'd rather verify the public key myself or through a PGP-like Web of Trust, but for most mails it's still far better if I trust some DNSSEC-based database to bind an email address to a public key than if I don't use encryption at all.

Of course, by "sacrifice some security" I don't mean we should start using shorter keys - the cost of long keys is not very much so we might as well use them - I mean "allow some possible attacks that more secure approaches might deny", such as trying to substitute a fake public key for the intended recipient's keys. These attacks are still far more expensive and difficult than pure eavesdropping attacks, which are relatively easy to thwart.

Oh, and we shouldn't use SSH everywhere - SRP is the Right Thing for remote passwords, and again it's far more convenient for the users.

When security measures become inconvenient, people circumvent them in ways that utterly defeats any security gained - like by telling people their password over the telephone. We have to make security so convenient people don't even realise it's there, and do the best we can in the environment that has real users in it. Those who know what they're doing can of course do better, but on the other hand those who know what they're doing are vastly outnumbered by those who *think* they know what they're doing.
--

Freedom*Security = constant

[MikeyNg]

It's not my quote. It's Larry Niven's. (And if you don't know Niven, head on over to library/bookstore. Go ahead. I'll wait.) My point is this: Lest we lose sight of the Big Picture, there are, in fact, several GOOD reasons why the government wants to invade privacy. In the worst-case scenario, people could operate covertly virtually under everyone's noses. I don't believe that a great number of people would want to give terrorists the opportunity to blow everything they have up merely because they felt insecure that the government was looking over their shoulder. I certainly do not advocate that the government (or any agency) should have ultimate power and be able to know absolutely everything about me. However, people must also consider the reasons behind the government's actions. To completely lock observers out of the loop is as dangerous as giving the government carte blanche. Who is to say where that limit should be? Before everyone gets in a uproar about encryption and how everything needs to be encrypted, and how we should keep Big Brother from looking over our shoulder, they should think what the consequences of such an action may be. As a final note, Niven has noted that the constant is not the same for each individual, or even for individual governments. If technology can find a way to increase the constant, I'm all for it.

Re:Technological Solution To A Social Problem?

[Hobbex]

Technology has been solving our social problems since its very inception, and shall continue to do so at an even greater rate. Nothing has been more important to the social solutions of freedom and democracy then the technology of information (going back to the original printing press, and even written language as a whole).

In the case of privacy technology does offer a number of things that will help us. Secure communications and anonymous information access and sharing (go read about the mixmaster) have been made possible, and if there is call for it will become prevailent and easy to use.

The problem is that the very technological innovations that help our privacy are exactly those under most attack by society. People advocate non-technological solutions to these issues not because they do it better, but because they offer less absolute privacy, privacy that can be fucked with given a court order or if enough people want to. With technology you have a situation of all or nothing, which society (in the form of our governments, but also companies and orgs (like RIAA, who would attack a truely free forum the second it came into being)) doesn't seem ready for.

-
We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.