April 21, 2004

Protecting the Right to Protect Privacy, Andrew Grosso

David Brin has said privacy as we know it is dead. Yesterday morning in the workshop, "Privacy and Civil Liberties Issues in Computing Applications Research and Development," Andrew Grosso told a story, a horror story of sorts, about a day-in-the-life of a man without privacy whose every move is recorded. He drives to work, paying a bridge toll with his FastPass; he gets into a fender-bender and his smart car confirms that he was not at fault because the car was stationary at time of impact; he is admitted to his building by biometric identification; every keystroke and website visit on his work machine is recorded; he submits DNA for an analysis of his eligibility for insurance; his cell phone tracks him even when he goes for a walk; he makes a phone call on a pay phone subjected to a roving wiretap; he uses his credit card; he is promoted to manager as a result of DNA analysis and determination that a key character "quirk" could easily be corrected by prescription drugs; his anatomy and face-points are scanned on entrance to a ballpark; and on and on... Grosso further pointed out that none of these occurrences and surveillances are illegal or technologically inconceivable.

Grosso is particularly troubled by the ways in which the public is encouraged to sacrifice their privacy rights--all of us have likely been idling in line to cross a bridge and felt the breeze of FastPass users whizzing by in their own special lane. Even more frightening is that many people seem quite willing to sacrifice lots of privacy for what the government continually insists is added security.

The key legal battle from Grosso's perspective is protecting the right to protect privacy. Protecting privacy directly, he contends, is difficult or impossible through legislation, but is more effectively accomplished in the "real world" by technological means. How? Pay in cash, turn off cookies, wear clothing that blocks infrared scans, etc. Law should focus on preserving rights to utilize these methods, preserving the market for privacy protection technology.

A question was raised--doesn't this scheme of focusing on technological rather than legal protections create problems for the vast numbers of people who might not have the economic resources to procure these protections? Importantly, it was said, "privacy is in numbers"--if you are the only person in the world using encryption technology in your e-mails, that protection is not much good. A question that remains open--might enforcement and auditing technologies be even more important than countermeasures?

Posted by taraw at April 21, 2004 10:31 AM
Post a comment

Remember personal info?