understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

Remember when we could forget?

posted by:Jeremy Hessing-Lewis // 12:39 PM // May 15, 2007 // Commentary &/or random thoughts | General | TechLife

CBC's "The Current" ran an excellent piece on the Internet's memory (available in podcast HERE). The broadast began with an interview with Michael Fertik of ReputationDefender.com. Fertik notes:

"We've never had to live before with our momentary mistakes in judgment for the rest of our lives, which is sort of a global tattooing machine."

The Internet's memory is then discussed by Brewster Kahle, creator of The Internet Archive, and Viktor Mayer-Schönberger, of Harvard University and author of Useful Void: The Art of Forgetting in the Age of Ubiquitous Computing. These commentators draw attention to the simultaneous social necessity of both forgetting and remembering and how these natural functions are being skewed by network computing.

On the one side, Mayer-Schönberger notes that forgetting is a natural cognitive process that has yet to be re-learned by information technologies. He gives the example of Google's storage of every search query by every user and every result that they clicked-on since the start of the service. In other words, Google never forgets. In his paper, Mayer-Schönberger writes:

For millennia, humans have had to deliberately choose what to remember. The default was to forget. In the digital age, this default of forgetting has changed into a default of remembering.
His response is to reintroduce the concept of time by introducing expiry dates associated with data. For example, Google's Gmail service should give users the ability to wipe data after a certain period.

In contrast, Kahle describes the importance of archiving the web in order to fulfill the library's role of creating a "memory institution" in order to give reference to what people have seen before. Without such a service, he suggests that we live in an Orwellian universe where we are locked in the "perpetual present."

Kahle concludes: "How do you select what should be kept and what shouldn't be kept?" For example, we as a society may want to hold corporations accountable for statements made in the previous quarter. He adds that the really scary aspect is less the published content and more of the usage data such as the Google searches.

We are left with an awkward computing architecture where information is both fleeting and permanent. Users are left trying to remember when we could forget.

| Comments (0) |


In summary...(The Economist's Technology Quarterly)

posted by:Jeremy Hessing-Lewis // 03:06 PM // March 15, 2007 // Commentary &/or random thoughts | General | Walking On the Identity Trail

This blog, at its best, can be an excellent distillery. As part of a multidiscilplinary project, the idea is to influence each other by sharing incremental developments in our respective fields. Unfortunately, time constraints often narrow our academic focus down to headlines. This academic gap is mended by forced confrontation during workshops and conferences. The blog operates in-between these encounters as a distillery producing a palatable exchange of soundbytes. In light of this raison d'etre (accents are difficult in MovableType), let me offer a distilled techno-update drawn from The Economist's Technology Quarterly.

The full report is available HERE. Distilling after the jump....

1. Call and response
Next generation call-centres with sophisticated "speech analytics" to be deployed as chatbots.
Soundbyte:

Dr Brahnam has also found that the appearance of the chatbot's on-screen persona, or avatar, has signficiant impact on how much abuse is leveled at it. "My study showed that you get more abuse and sexual cooments with a white female compared with a white male," she says. Black female avatars were the most abused of all.

2. Working the crowd
New start-ups allow for users to install tracking software that tracks online habits. This information can then be sold through a data market with a commission going to the software vendor. This is essentially Google's business model but for entrepreneurial individuals.
Soudbyte:

In effect, Google users trade personal information in return for free use of Google's online services. But some people think this is a bad deal. They think the personal information is worth far more than the services that Google and others offer in return. Seth Goldstein, a serial entrepreneur based in San Francisco, believes that the personal information contained in users' click trails, online chats and transactions is something they ought to take hold of and sell themselves, generating direct payback. “Attention is a valuable resource, and we're getting to the point where it can be parsed in real time,” he says. So he has co-founded a new venture called AttentionTrust.

3. Big brother just wants to help
Government agencies applying data mining techniques to improve the delivery of public services.
Soundbyte:

Dr Paul Henman from the University of Queensland, who has written extensively on the subject, raises a rather more philosophical objection to government data-mining: that the technology starts to transform the nature of government itself, so that the population is seen as a collection of sub-populations with different risk profiles—based on factors such as education, health, ethnic origin, gender and so on—rather than a single social body. He worries that this undermines social cohesion.

4. Go with the flow
Mobile photo data is being used to map human activitiy in urban centres.
Soundbyte:

WHERE is everybody? Being able to monitor the flow of people around a city in real time would provide invaluable information to urban planners, transport authorities, traffic engineers and even some businesses. Bus timetables could take account of hourly or daily variations; advertisers would be able to tell which billboards were most valuable.

5. How touching
How haptic (touch) technology is being deployed on consumer electronics. Get your minds out of the gutter, this article is mostly about mobile phones (see e.gl. iPhone).
Soundbyte:

Dr Hayward's idea is that such switches could be used to convey information to the user without the need to look at the device. Skin stretch could be used to present the tactile equivalent of icons to the user, rather like a simple form of Braille.

6. What's in a name?
Bureaucratic glitches arising from converting foreign languages. This is in itself a matter of national security. Software is being applied to databases that "enriches" the names with cultural information.
Soundbyte:

Credit-card companies use the software to spot recidivists applying for new cards under modified names. (Names are cross-referenced with addresses, dates of birth and other data.) Developers and users are hesitant to discuss costs. But OMS Services, a British software firm, says government agencies pay a lot more than commercial users, who pay about $50,000 for its NameX programme.

7. Watching the web grow-up
Sir Tim Berners-Lee's three trends to watch (beyond the hype of Web 2.0): 1)mobile devices, 2)technology's growing social and political impact, 2)the semantic web.
Soundbyte:

These examples may not sound like a revolution in the making. But doubters would do well to remember the web's own humble origins. In 1989 Sir Tim submitted a rather impenetrable document to his superiors at CERN, entitled “Information Management: A Proposal”, describing what would later become the web. “Vague but exciting” was the comment his boss, the late Mike Sendall, scribbled in the margin.

| Comments (0) |


Username and Password: Repeat ad infinitum

posted by:Jeremy Hessing-Lewis // 07:22 PM // March 03, 2007 // Commentary &/or random thoughts | Digital Identity Management | General | TechLife | Walking On the Identity Trail

The Globe's Ivor Tossel has a nice little piece on online identity management entitled: Who do you want to be?.

Tossel writes:

It's a problem that's older than the Web itself. One of the Internet's basic weaknesses is that there's no central way of keeping track of who you are. In real life, we have one identity that we take everywhere (it's the one on your passport, assuming you can get one these days). But there's no virtual passport in cyberspace: People change names online more often than they change underpants. Every time you go to a new website, you have to start the process of identifying yourself all over again.

Interestingly, I spent 45 minutes trying to find my username and password so that I could login to make this blog post.

I also broke my usual prohibition on reading comments and was delighted by the following reader wisdom:

B H from Toronto, Canada writes: 'It's not a bug, it's a feature.'

Well said my friend.

| Comments (0) |


EPIC Contributions

posted by:Jeremy Hessing-Lewis // 11:46 AM // February 06, 2007 // Commentary &/or random thoughts | Digital Identity Management | General | Walking On the Identity Trail

Three IDTrail students have recently returned from an EPIC retreat in Washington, D.C. The 2nd year law students, Jena McGill, Felix Tang, and myself (Jeremy HL), completed a January term internship at the Electronic Privacy Information Center (EPIC) where they completed Freedom of Information Act requests, electronic privacy news updates, and a passionate yet well-reasoned comment to the FTC on Identity Theft.

The comment borrows an analysis from the environmental movement and argues that the costs of identity theft should be internalized upon data collectors through technology investments and reductions in overall data collection. A complete copy of our comments is available for download HERE.

| Comments (0) |


Seeking NSA Romantic Encounters; Not Public Humiliation

posted by:Jeremy Hessing-Lewis // 01:39 PM // September 15, 2006 // Commentary &/or random thoughts | Digital Identity Management | TechLife

After replies to a faked Craigslist personal posting were outed on a website this week, a minor controversy has been brewing over the legality of the posting and the impacts on online trust. The Globe and Mail covered the story here.

The personal ad described a 27 year old woman with long brown hair. In fact, the posting was by a Seattle area graphic designer named Jason Fortuny. He collected the replies, including contact information and images of men in various stages of undress, and posted them to a parody website. This breach of trust, while clearly unethical, doesn't seem to break any laws.

It will be interesting to see how this plays-out. At the very least, you'd think the victims would have a copyright argument. For now, it would be best to follow some age-old advice and "keep your pants on."

| Comments (0) |


"Girls Gone Wild:" Just As Bad As it Looks

posted by:Jeremy Hessing-Lewis // 04:23 PM // August 08, 2006 // Commentary &/or random thoughts | General

LA TImes has published an excellent article on Joe Francis, the man behind the Girls Gone Wild films. The article was written by staff writer Claire Hoffman, for whom the title "intrepid reporter" is certainly well-deserved. I think the sections on public exhibitionism and hyper-
sexualized gender are particularly relevant to the IDTrail project. Hoffman writes:

Francis has aimed his cameras at a generation whose notions of privacy and sexuality are different from any other. Nursed on MySpace profiles and reality television, many young people today are comfortable with being perpetually photographed and having those images posted on the Internet for anyone to see.

link (thanks Boing Boing)

| Comments (0) |


We Have the Technology

posted by:Jeremy Hessing-Lewis // 03:48 PM // July 10, 2006 // Commentary &/or random thoughts | General | TechLife | Walking On the Identity Trail

Said the Gramophone, a particularly good MP3 blog, has posted a copy of We Have the Technology by Peter Ubu. I'll leave the explaining to the Gramophone, but I believe that this song is perfectly relevant to the IDTrail project.

Enjoy.

| Comments (0) |


Profiling an ID Thief

posted by:Jeremy Hessing-Lewis // 09:34 AM // July 05, 2006 // Commentary &/or random thoughts | Digital Identity Management

The New York Times has posted an excellent profile of ID thief, Shiva Brent Sharma. He was the first charged under the New York State identify theft statute. The article draws attention to the relative ease with which ID theft is perpetrated and how this simplicity, combined with enormous payoffs, can seduce otherwise bright young people into criminality.

link (thanks Boing Boing)

| Comments (2) |


Chips in Chips: New Guidelines, Growing Concerns

posted by:Carole Lucock // 11:02 AM // June 19, 2006 // Commentary &/or random thoughts

Today, Ontario’s Privacy Commissioner issued privacy guidelines for RFID systems. An article in today’s Globe and Mail, which details the increased use of RFID tags to track not just objects but also the behaviour of people, illustrates the need for guidelines. The article notes that in some casinos, gamblers are monitored through the use of a chip in their gambling chip and, at the World Cup, soccer fans are being monitored through the use of a chip in their world cup ticket.

| Comments (0) |


Surveillance Goes Mainstream

posted by:Jeremy Hessing-Lewis // 02:02 PM // June 14, 2006 // Commentary &/or random thoughts | General | Surveillance and social sorting | Walking On the Identity Trail

While researching how the major telcos are bundling their products, I was somewhat surprised to see that Telus has now added retail sales of consumer surveillance products to its online store. There are at least three immediate observations to be made about this development.

1. Web-based video surveillance is now mainstream. While similar products have been available for years, Linksys (a division of Cisco Systems) is a major market player with a variety of high-volume retail distributors. Telus is also prominently marketing these products through the main products page of their online store.
2. Web-based video surveillance is easy to use. Unlike the James Bond surveillance of years past, the Linksys models are ready to run out of the box. According to the product description, the Wireless G Video Camera contains its own web-server and does not require a computer. Just provide power and a nearby wireless network connection and the camera will stream live video (with sound) straight to any web-browser. For mobile monitoring, the camera can notify a cell-phone, pager, or e-mail address whenever the motion sensor is triggered. When operating in "Security Mode," the camera can be configured to send short video clips to up to 3 e-mail addresses.

3. Web-based video surveillance is cheap. Telus offers two models. The cheaper version retails for $99.95 and contains all the basic functionality. For $274.95, the deluxe version includes a motion sensor and microphone.

Such products will likely have significant privacy implications. Their ease-of-use and low-cost will allow a much broader market of users than have previous versions. It is foreseeable that many of these users will devise illicit uses beyond the "home monitoring" described by Telus. As these products continue to shrink in size and wireless capabilities improve, the threat is only likely to increase.

We are left with the recurring question: Does the democratization of surveillance equipment present a threat?

One might argue, as has Steve Mann with the concept of sousveillance, that providing such tools to citizens counterbalances the powers of otherwise one-sided surveillance. I consider this to be somewhat of a "right to bear arms" argument and am forced to wonder whether such a state is at all desirable. Are many weapons preferable to a single weapon?

In contrast, one might also see Telus' foray into video surveillance as part of the surveillance "arms race" that will inevitably be a race to the bottom (the always enjoyable skeptic's position).

Alas, I fear this moral debate will only be resolved by the great oracle of our time... the market.

| Comments (1) |


Captain Copyright v. The Corruptibles

posted by:Natalie Senst // 09:14 AM // // Commentary &/or random thoughts

Access Copyright's Captain Copyright comic seems to have been designed with the intention to teach kids about the dangers of copyright infringement - school boards in Vancouver, Richmond and Halton (Ontario) began linking (only Richmond still has a link up). Then links were made to the site that treated the little comic not so favourably. Contractual issues have ensued over linking policy, with repeated revisions by Access Copyright to their terms for linking to the comic, leaving others confused about what obligations are created for the person providing links to another's website (for more on this, see Michael Geist).

This issue aside, I would like to bring up The Corruptibles - the brainchild comic of EFF (its focus on American copyright issues aside). In my view, this is quite an interesting circumvention of the entire legal uprise over linking rights. The EFF has made a point of showing "superheroes" as something similar to wolves in sheep clothing, particularly when it comes to the assertion of copyright (funny how similar that "Corruptible" logo looks to a Copyright logo!). Viewing both these comic creations together puts some perspective to the good "Captain" without having to link to him directly, and is possibly an even stronger message of warning (oh the joys of interactive cartoons!). But perhaps if school boards provide a link to Captain Copyright beside a link to The Corruptibles, this proximity between links may become the subject of another term up for discussion in the legality of linking.

Here's hoping the artistic creativity of EFF will be appreciated, and provide a good dose of skepticism when classifying "superheroes" from now on (at least when it comes to copyright).

| Comments (1) |


John Doe

posted by:Jeremy Hessing-Lewis // 02:08 PM // June 02, 2006 // Commentary &/or random thoughts | TechLife

Douglas Coupland's newest novel, JPod, features the usual assortment of quirky characters. One in particular is especially clever. His name is John Doe and he is obssessed with being unremarkable. In contrast to the other characters who subvert their bland cubicle environment with endless self-identifying customization, John is determined to be statistically average.

John's birth name is "crow well mountain juniper" (all lower case). He grew-up in a lesbian commune, was home-schooled until the age of fifteen, and never saw a tv-set until the age of twelve. His desire to be statistically normal is an attempt to counteract his "wacko upbringing."

His attempts at being normal are a brilliant jab at the way we identify ourselves in a consumer society. He drives a white Ford Taurus and is flattered when people tell him that it looks like a rental car. He keeps himself 9 pounds overweight (stastically average). His wardrobe consists of khakis and plain corporate golf shirts.

Essentially, his personality is defined by his desire to not have an identity. Hilarity ensues.

| Comments (0) |


Ctrl-Shift-Delete: Learn-it, Love-it, Live-it

posted by:Jeremy Hessing-Lewis // 04:59 PM // May 18, 2006 // Commentary &/or random thoughts | Digital Identity Management | TechLife

Clean-up after yourself.

For you privacy-loving web-surfers using Firefox as their browser, there’s a new command to learn: Ctrl-Shift-Delete. This little trick prompts a purge of your browser’s private data. It’ll be like you didn’t spend the day perusing the Internet’s best distractions. And as every employer will attest; a good record is a blank record.

While it is unclear whether a browser really needs to keep any personal data, the content collected seems to grow with every subsequent browser release. As it stands, you’re leaving a long, incriminating trail including your browsing history, saved form information, saved passwords, download history, cookies, cache, and a record of authenticated sessions. Although your body may have been sitting at your desk for the past 8 hours, your browser remembers where you’ve really been.

The fact that such a keyboard shortcut exists is worth noting. Software begins by making a feature available. Usually, this comes in the form of a button buried deep within the assorted menus of a program. Here, only an experienced user will be able to locate and use a program’s abilities. If the functionality proves popular, it migrates through the menus into locations of increasing prominence.

A select few functions prove worthy of a button shortcut. Even fewer receive their own keyboard command. This exclusive list includes the iconic “Save” (ctrl-s), “Copy” (ctrl-c), “Paste” (ctrl-v), and of course “Undo” (ctrl-z). And now, the Mozilla development team has institutionalized a command for privacy. Current versions of Internet Explorer don’t have anything close and it won’t be surprising if Microsoft decides not to follow suit with their release of IE 7.

As your work-day draws to an end and you clear your desk, don’t forget to clear your browser. Make a habit of keeping your private data…private.
Ctrl-Shift-Delete: Learn-it, Love-it, Live-it

| Comments (1) |


ethics and on-line friendships

posted by:Angela Long // 11:22 AM // May 17, 2006 // Commentary &/or random thoughts

i read an interesting article this morning on arts and letters daily that likens ranking your friends on myspace to a "lifeboat ethics" exercise.

| Comments (0) |


Jargon Watch

posted by:Jeremy Hessing-Lewis // 03:05 PM // May 16, 2006 // Commentary &/or random thoughts | Core Concepts: language and labels | Walking On the Identity Trail

New words to keep in mind.

"Techade"(noun): Technology emerging over the next ten years.

"Co-operation Superhighway"(noun): Ongoing private-public international partnerships. eg. FTC attorneys being helped by law enforcement and/or ISPs in the country where the problem originates.

"Best-of-breed Anti-fishing Security Vendor" (noun): Depends on which anti-phishing vendor you ask.

"Evasive Malware"(noun): see Sony Rootkit.

"Tricklers"(noun): Automatic download software. See Windows Update.

"Potentially Unwanted Technologies"(noun): Something you may not want on your computer. See also spyware.

| Comments (0) |


Anti-Spyware Coalition: Public Workshop Part II

posted by:Jeremy Hessing-Lewis // 02:24 PM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Surveillance and social sorting

Everyone should be happy to know that Microsoft and the Department of Homeland Security are looking-out for your personal privacy. They represent the so-called "international public-private cooperation" that is hard at work keeping your computer free from all kinds of scary threats.

Joe Jarzombek, the Director for Software Assurance in the Policy and Strategic Initiatives Branch of the National Cyber Security Division (phew), spoke of the DHS' efforts (see National Cybersecurity Division) to contain risks presented by a non-standard, outsourced supply chain. That's right, the threat isn't local, its from one of the "stans" or "anias." They've established a common directory of malware in order to standardize spyware definitions. They are also kindly offering a software assurance program so that the DHS can have a look at your code and make sure its alright.

Spyware is a serious threat to your privacy, but Microsoft and Homeland Security are doing their best to ensure that your personal information doesn't get into the wrong hands. Trust them.

While the FCC is pushing for their The Safe Web Act, it seems that the DHS is sitting pretty. Big business is openly sharing information with them and, in turn, they are sheltering big business from the public's prying eyes through "critical information protections". The key phrase that was left unspoken by all parties was "mandatory backdoors".

(By Ambrese and Jeremy HL)

| Comments (2) |


Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southwark this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |


Biopower and Biotechnology

posted by:Krystal Kreye // 03:09 AM // February 17, 2006 // Commentary &/or random thoughts

Foucault tells us that there are two poles of biopower (1) the human species and (2) the human body. In "The Problem of Government" he tells us that this power is "both an individualizing and a totalizing form of power [and] never in the history of human societies has there been such a tricky combination in the same political structures of individualization techniques, and of totalization procedures".
One of the disciplinary technologies today that employs this individualizing technique is obviously biotechnology. It is also totalizing in the sense that biotechnology indicates to us our membership in a homogenous social body but at the same time imposes on us that homogeneity (from "Normalizing Judgment"). One could say that biotechnology is the 'pinnacle' of individualizing techniques because it is able to examine what is most particular about us. When Foucault talks about the 'examination' in "The Means of Correct Training" he is talking about documentary techniques in a form very different than what we experience today. Nonetheless, the theory of making individuals into "cases" is still an accurate theory for the description of biotechnology.
He tells us that for a long time ordinary individuals remained below the everyday threshold of description. To be seen, followed, monitored, or written about was a privelege. The accounting of peoples lives was a ritual for the upper classes. However, "disciplinary methods reversed this relation, lowered the threshold of describable individuality, and made of this description a means of control and domination." The turning of lived lives into data was and is no longer a procedure of heroization; it now functions as a procedure for objectifying and subjectifying.
What is interesting about Foucault's discussion on 'disciplinary technologies' is his observation and emphasis that these technologies should not be thought of in negative terms. We should not think about certain biotechnologies as repressive or invasive or abstracting tools. In fact, we should think about them as producers. Now, it is not the case that because we do not think about them negatively then we must think about them positively, Foucault was not someone who thought in dichotomies...it was to think about them differently. So, bio-power and its technologies 'produce' individuals (maybe in a positive way and maybe in a negative way - that is left for us to decide). In fact, he argues that they produce reality; they produce "domains of objects and rituals of truth". So, us - as individual objects - and the truth that is gained from us after being individualized in these ways all belong to this production.
From this theoretical framework we can see how what is being 'produced' - the reality that is created after our information has left us - is extremely problematic. Not only is the individual analyzed apart from the group but the individual is analyzed apart from themselves.

These are just some thoughts that I have been having and if they seem scrambled it is because it's a fairly new topic of reflection for me. I invite any comments or insights...even a 'what are you talking about?' is probably in order.

| Comments (1) |


Anonymity and Accountability

posted by:David Matheson // 11:59 AM // January 13, 2006 // Commentary &/or random thoughts

In a very nice article recently drawn to my attention, Bruce Schneier asks us to reconsider the relation between anonymity and accountability. I'm reminded of an interesting exchange on this blog (see here, here, and here) where the discussion focused on the extent to which anonymity and credibility are compatible. There, I drew attention to the following line of reasoning, which I'll here call the "No Credibility Argument":

The No Credibility Argument

Premise 1. If a source is anonymous to you, then you don't know who that source is.
Premise 2. If you don't know who a source is, then you ought not to trust that source.
Conclusion. Therefore, if a source is anonymous to you, then you ought not to trust that source.

I was then, and am still inclined to say that Premise 2 of the No Credibility Argument is pretty implausible. That's because, first, there seem to be various ways in which the credibility of anonymous sources can be supported without revealing the relevant identities of the sources, and, second, having support for credibility of anonymous sources can make it entirely appropriate to trust them. For example, anonymous sources can -- without losing their anonymity -- have their credibility supported by such things as:

(i) the word of other credible sources, who vouch for but do not reveal the identities of the anonymous sources
(ii) our knowledge of the anonymous sources' track-records with respect to their past reports
(iii) the coherence or internal consistency of the anonymous sources' reports.

Compare now a line of reasoning about accountability similar to the No Credibility Argument. Call this parallel line of reasoning the "No Accountability Argument":

The No Accountability Argument

Premise 1. If an agent (i.e. someone engaged in activity) is anonymous to you, then you don't know who that agent is.
Premise 2. If you don't know who an agent is, then you can't hold that agent accountable.
Conclusion. Therefore, if an agent is anonymous to you, then you can't hold that agent accountable.

One way to read what Schneier is up to in his piece is as pointing out, quite effectively, the implausibility of Premise 2 of the No Accountability Argument. Just as there are ways of supporting the credibility of anonymous sources without forcing them to relinquish their anonymity, so there are ways of holding anonymous agents accountable without forcing them to relinquish their anonymity. Schneier provides a nice example:

"In an anonymous commerce system -- where the buyer does not know who the seller is and vice versa -- it's easy for one to cheat the other. This cheating, even if only a minority engaged in it, would quickly erode confidence in the marketplace, and eBay would be out of business. The auction site's solution was brilliant: a feedback system that attached an ongoing 'reputation' to those anonymous user names, and made buyers and sellers accountable for their actions."

Here, in effect, we have something very similar to (i) and (ii) above working to help us hold anonymous agents accountable, through gauging their credibility as sources. I think the question of what other ways -- outside of the likes of (i), (ii), and (iii) above -- accountability and credibility can be obtained while still respecting anonymity is a fascinating one.

| Comments (0) | | TrackBack


UK Court Rules Tell-All Book an Invasion of Privacy

posted by:Valerie Steeves // 08:10 PM // January 07, 2006 // Commentary &/or random thoughts

There was an interesting development in the tortious protection of privacy in the UK this week. Folksinger Loreena McKennitt was granted an injunction and damages with respect to a book published by a former friend. The UK court held that passages of the book that described McKennitt's Irish cottage and detailed her emotional reaction to the death of her partner invaded her privacy. Accordingly to the Globe & Mail, the court relied on the European Convention on Human Rights to support the ruling. I didn't link to the Globe article because it requires a subscription, but a CBC article summarizing the case can be found at http://www.cbc.ca/story/arts/national/2005/12/21/Loreena-McKennitt.html.

| Comments (0) |


small steps for microsoft

posted by:Shannon Ramdin // 10:04 AM // November 04, 2005 // Commentary &/or random thoughts

Microsoft has taken the impressive step of calling for a national privacy law.

Read about it here.

| Comments (1) |


Isn't this my property?

posted by:Shannon Ramdin // 10:34 AM // September 16, 2005 // Commentary &/or random thoughts

Recently Yahoo! came under fire for providing information that helped jail a journalist; supporting companies that spawn pop-up ads; and changing preferences on PCs users when they download Yahoo software.

Despite these issues, COO Daniel Rosenweig states that "users can put their trust in us because that is what we're built on."

Read the full article here.

Is it possible that Google could become even more popular?

| Comments (0) |


Confessions of a closet Airmiles collector

posted by:Hilary Young // 12:54 PM // August 08, 2005 // Commentary &/or random thoughts

So I'm having dinner at Stoneface Dolly's with some friends on Saturday, enjoying the patio and cold beer, when the conversation turns to which credit cards offer the best features, and eventually to loyalty programs such as the Airmiles card. (I know, we're an exciting bunch.) Someone mentions that because of such programs, companies have extensive profiles, not only of what you buy, but of demographic information and that there's a potential for some companies to have location information through GPS and cell phones. Someone else mentions Gmail and how it scans your e-mails in order to target advertising to you. All this is said without anyone expressing much concern – just interest in what is happening these days.

Then one friend says that, personally, he'd rather be subjected to ads related to his interests than to ones for products for which he has no use. He knows it's a machine searching his e-mail and doesn't feel that his privacy has been violated, and he sees the utility of targeted advertising.

In general, the group is aware that loyalty programs are ways for companies to buy information about you (what groceries you buy, how much you spend on your credit card in an average month) and they have no problem with that. And most of the time, I must confess, I feel the same way. In the past four years I've received almost $600 in free groceries by using my Master Card. In May, I went to Asia (Bangkok and Beijing) for free by cashing in Aeroplan points. I am quite willing to sell my personal information to companies if the price is right, and the price doesn't have to be that high – for my groceries it's slightly more than 1% of my Master Card purchases.

So, munching on focaccia with chèvre and eggplant, I feel that I should toe the privacy line and enlighten my friends with some of the reasons why all this data collection isn't such a great idea. In particular, the facilitation of identity theft and using information collected for other purposes to determine insurance rates made my friends think twice. But of course I'm being a total hypocrite. Here's my confession: I don't care that much about informational privacy. I think it's important that those who DO care have the means to preserve their privacy, but I'm not one of those people. There, I said it.

Now before you revoke my membership in the On the Identity Trail project, let me defend myself. I think one of the most important things this project is doing is imagining the implications of various future legal, policy and technological changes so that we as a society can make informed decisions about what we want to happen. If, knowing the consequences, people want to live in a Minority Report-type world where ads are targeted to specific individuals, that's fine by me. The problem is that we risk ending up in such situations, not because we've chosen them, but because we have made a number of incremental decisions that led to an undesirable result only because we didn't have the foresight to avoid it. Now that would be a shame, and I think this project's greatest contribution will be to provide some of that foresight.

At our table, as the sun begins to set, the conversation moves to lighter topics, such as how many empties we collectively have in preparation for bottling our next batch of homebrew (almost enough – I'll just have to empty a few more). Ironically, when we leave I pay cash, so that the only record of my having been at Stoneface Dolly's is… this blog entry.

| Comments (2) | | TrackBack


What is Anonymity, Anyway?

posted by:Jason Millar // 09:22 PM // August 04, 2005 // Commentary &/or random thoughts

Within the privacy debate, the archetypical argument for anonymity seems to be that it protects privacy by obscuring the trail of information that points back to a specific individual. It is not surprising that the archetypical argument against anonymity seems to be that, by obscuring that trail, a person reveals his intention to act immorally or illegally—why else would he want to act anonymously if not because he has something to hide? Plato, in his Republic, used the tale of the Ring of Gyges to argue that any person, given the opportunity to act immorally and with impunity, would be a fool to do otherwise. Although Plato’s intent was not to argue against anonymity, his use of anonymity to further the goals of the unjust man points out that the strong correlation between anonymity and injustice is not a new one, created by some recent technical advance like email or the chat room.

Arguing for anonymity in this manner seems to be a defense of privacy as a good in itself, anonymity then plays the role of a privacy enabling technique. Anonymity itself not being the end in mind.

Of course, the argument against anonymity, as stated above, is too simplistic to be taken seriously. Clearly, not everyone wishing to act anonymously has something to hide for criminal reasons. To be fair the more nuanced arguments against anonymity recognize that there is generally a balancing act in play when anonymity is raised as a desirable enabling technique. For instance in the privacy debate anonymity is said to enable stronger privacy, which must be balanced against a resultant threat to security. Opponents to anonymizing techniques might claim a primacy of security over privacy, arguing that the anonymizing techniques are better seen as enablers of crime or that they, at the very least, provide a safe environment in which criminals may flourish thus threatening security.

So the success of arguments for anonymity of this kind seem to rest on the ability to defend anonymity as a legitimate (morally or otherwise) enabling technique of some other good and, of course, demonstrate the primacy of that good (over competing goods) within the context being discussed. This is, in the very least, the tone of the legal debates I have witnessed and read. More often than not I have seen this argument end in a stalemate due to the enormous complexity involved in weighing each outcome against the other in meaningful terms. How much of a threat to security is expected as a result of anonymity? Will anonymity foster a better society, and to what degree or how so? I could go on.

A recent article posted on Australian IT featured an interview with Ian Clarke of the Freenet Project, a group planning to release a piece of software that enables anonymous file sharing over the internet. According to the article, “Mr. Clarke said that Freenet is altruistically advancing technology and defending democratic ideals of unrestrained communication.” Furthermore, Clark is quoted as saying “you cannot have freedom of communication and protect copyright laws…the two are mutually exclusive."

Taken as a classic debate of anonymity/unrestrained communication versus anonymity/illegal file sharing it is difficult to establish a clear favourite. (I will say that I think that Michael Geist has essentially dispelled the various rhetorical claims, put forth by the recording industry, through a detailed analysis of the file sharing debate over the last several years. I would highly recommend a careful reading of his findings. But this is not directly related to the issue of anonymity.)

The technology is framed within the classic anonymity debate by both the designer of the technology and the journalist. How are these debates to be settled?

It seems to me that there are interesting questions that need to be answered (when faced with the classic anonymity debates) along the lines of the following: Is anonymity a good in itself or is it simply an enabling technique for other goods? If it is an enabling technique then can it be valued in itself or should it be evaluated under the rubric of whatever good it enables? If it is a good in itself then do technologies such as the one proposed by Freenet undermine or strengthen it?

Equally interesting are questions regarding the concept of anonymizing technologies themselves. How do anonymizing technologies affect the concept of identity? Given that one cannot be completely anonymous in society, rather than talk of anonymity as a value does it make more sense to talk about anonymity as a technology?

I’ll leave the floor open for comments...

| Comments (1) | | TrackBack


Shout out to Canada

posted by:Marc Rotenberg // 09:07 PM // July 19, 2005 // Commentary &/or random thoughts

Those of us in the United States have the unpleasent habit of telling the rest of the world what to think and what to do. Now, on some things we are absolutely correct (baseball). But on other matters, we are seriously confused (Iraq). In the privacy world, we have a lot to learn from others. Don't get me wrong. On my short list of US privacy contributions: the Fourth Amendment, Justice Brandeis, our federal wiretap law (before the Patriot Act), and Fair Information Practices. But there is a lot we could learn from our neighbors to the North, which is to say the readers of this blog.

Four great things about Canada (from a privacy perspective):
- The comparative study of privacy law. Before folks like David Flaherty and Colin Bennet, no one thought much about comparing privacy laws and practices in different countries. Privacy scholarship focused on the experiences of particular countries. But David's book "Protecting Privacy in Surveillance
Societies" (Chapel Hill 1989 - I really know this) and Colin's 1992 book got everyone thinking in serious political science terms about how privacy laws could be assessed and compared.This was a big deal for EPIC. We started publishing the Privacy and Human Rights report in 1998. We looked at privacy practices all around the world. We borrowed a bit from the US State Department Annual
Human Rights report and followed the lead of traditional human rights organizations, such as Amnestry International and Human Rights Watch. By 2004, our annual privacy report was up to 800 page and 4,000 footnotes, and cost me a week of vacation in Athens. But that's a different story. In any case, thanks go to David Flaherty for reminding us all that privacy is worldwide issue.
- Privacy commissioners. I'm a big fan of the Canadian privacy commissioners. Jennifer Stoddart, Ann Cavoukian, David Loukidales, Bruce Philips, John Grace, and the rest. You are very lucky in Canada to have people in public office looking out for your privacy. In the US, we mostly have people who want to open our mail, listen to our phone calls, track our Internet activity, and report on what we read in libraries. Well, it may not be that bad. But you get the idea. It is a remarkable thing to have a privacy commissioner, and a genuine tragedy that 30 years after passage of the Privacy Act, the US has still failed to act on this central requirement.
- Privacy research. I'm also a big fan of such Canadian privacy scholars as Michael Gesit, David Lyons, Andrew Clement, and Richard Rosenberg. But special recognition goes to Ian Kerr for organzing the Anonequity project. Around the time that Ian approached me about the Anonequity project, I had also been approached to work on one of the projects that would be funded by John Poindexter's Total Information Awareness program. In the US, the idea seemed to be to enable mass public surveillance but with a privacy happy face attached. In Canada, the goal was to develop new techniques to protect privacy. I picked Canada and Ian's project. And so should other researchers who are serious about privacy. There is no integrity in placing a privacy sticker on a device that routinely records our private lives.
- My wife. Sorry to get personal, but I have a special affection for Canada because I met my wife-to-be at a financial privacy conference in Ottawa in 1991. She started talking about the application of the Coase Theorem to privacy protection, and I was smitten.
So, there it is. Four great things about Canada, from a privacy perspective. And P.S., Anna made me skate the canal, and I barely survived.

| Comments (0) | | TrackBack


The Next Supreme Court Justice

posted by:Marc Rotenberg // 08:39 PM // // Commentary &/or random thoughts

We are about 15 minutes from President Bush's announcement of a nominee for the US Supreme Court. Early speculation focused on Judge Edith Brown Clement. But the recent (like, in the last hour) news is that it will be John G. Roberts, an appellate judge here in Washington. Now, here is the weird Internet part. I went to check wikipedia to see the entry about John Roberts and the Interent encyclopedia had already reported that Roberts was nominated by Bush! And the official announcement still hasn't happened. Does anyone think it is strange when an encyclopedia reports world events before they have occurred? Seems odd to me. But in any case, the big issue from the EPIC perspective is what will the nominee say about privacy? This turns out a complicated question. In the US, when Supreme Court nominess are asked their views on "privacy," people often have in mind the Roe v. Wade decision, which said that the states could generally not prohibit abortion. (It's more complicated, but I'm blogging. So, cut me some slack). But there is another sense of privacy (which the readers of this blog know a lot about) and that is "informational privacy" or, as the German Constitutional Court said back in 1983, the right of "informational self-determination." (It's even longer in German!) EPIC has a special interest in this topic and took some time to review the record of Justice Sandra Day O'Connor's (whose retirement created the opening on the Court). I'll have more to say about Supreme Court nominees and the significance of privacy in a future post.

| Comments (0) | | TrackBack


main display area bottom border

.:privacy:. | .:contact:.


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada