TUCoPS :: Privacy :: priv1004.txt

Privacy Digest 10.04 Jun.09/01

PRIVACY Forum Digest     Saturday, 9 June 2001     Volume 10 : Issue 04

                (<A HREF="http://www.vortex.com/privacy/priv.10.04">http://www.vortex.com/privacy/priv.10.04</A>)

            Moderated by Lauren Weinstein (<A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A>)         
              Vortex Technology, Woodland Hills, CA, U.S.A.
                         <A HREF="http://www.vortex.com">http://www.vortex.com</A> 
                       ===== PRIVACY FORUM =====              

                 The PRIVACY Forum is supported in part by
               the ACM (Association for Computing Machinery)     
                 Committee on Computers and Public Policy,      
                 Cable &amp; Wireless USA, Cisco Systems, Inc., 
                           and Telos Systems.
                                 - - -
             These organizations do not operate or control the     
          PRIVACY Forum in any manner, and their support does not
           imply agreement on their part with nor responsibility   
        for any materials posted on or related to the PRIVACY Forum.

               * PRIVACY Forum Nine Year Anniversary Issue *

        Be Careful What You Wish For 
           (Lauren Weinstein; PRIVACY Forum Moderator)

 *** Please include a RELEVANT "Subject:" line on all submissions! ***
            *** Submissions without them may be ignored! ***

The Internet PRIVACY Forum is a moderated digest for the discussion and
analysis of issues relating to the general topic of privacy (both personal
and collective) in the "information age" of the 1990's and beyond.  The
moderator will choose submissions for inclusion based on their relevance and
content.  Submissions will not be routinely acknowledged.

All submissions should be addressed to "<A HREF="mailto:privacy@vortex.com">privacy@vortex.com</A>" and must have
RELEVANT "Subject:" lines; submissions without appropriate and relevant
"Subject:" lines may be ignored.  Excessive "signatures" on submissions are
subject to editing.  Subscriptions are via an automatic list server system;
for subscription information, please send a message consisting of the word
"help" (quotes not included) in the BODY of a message to:
"<A HREF="mailto:privacy-request@vortex.com">privacy-request@vortex.com</A>".  Mailing list problems should be reported to
"<A HREF="mailto:list-maint@vortex.com">list-maint@vortex.com</A>". 

All messages included in this digest represent the views of their
individual authors and all messages submitted must be appropriate to be
distributable without limitations. 

The PRIVACY Forum archive, including all issues of the digest and all
related materials, is available via anonymous FTP from site "ftp <A HREF="ftp://ftp.vortex.com/">ftp.vortex.com</A>",
in the "/privacy" directory.  Use the FTP login "ftp" or "anonymous", and
enter your e-mail address as the password.  The typical "README" and "INDEX"
files are available to guide you through the files available for FTP
access.  PRIVACY Forum materials may also be obtained automatically via
e-mail through the list server system.  Please follow the instructions above
for getting the list server  "help" information, which includes details
regarding the "index" and "get" list server commands, which are used to access
the PRIVACY Forum archive.  

All PRIVACY Forum materials are available through the Internet Gopher system
via a gopher server on site "<A HREF="http://gopher.vortex.com">gopher.vortex.com</A>/".  Access to PRIVACY Forum
materials is also available through the Internet World Wide Web (WWW) via
the Vortex Technology WWW server at the URL: "<A HREF="http://www.vortex.com">http://www.vortex.com</A>";
full keyword searching of all PRIVACY Forum files is available via
WWW access.


     Quote for the day:

          "I'm trying to stop trying!" 

                -- Harold Fine (Peter Sellers)
                   "I Love You, Alice B. Toklas!" (Warner Bros.; 1968)


Date:    Sat, 09 Jun 2001 15:04:03 PDT
From:    <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> (Lauren Weinstein; PRIVACY Forum Moderator)
Subject: Be Careful What You Wish For

Greetings.  Just slightly over two thousand years ago, an escaped slave named
Spartacus gathered together a force of like-minded individuals and
challenged the status quo of imperial Rome.  At first his "army" of runaway
slaves was merely a nuisance to the grand powers of the empire.  But when
Spartacus' forces seriously threatened to undermine aspects of society upon
which the vested interests had come to depend, Rome like a sleeping giant
awoke.  The forces that the aroused empire launched took a terrible toll,
with the result being over 6,000 of Spartacus' followers crucified in two
lines stretching for over a hundred miles along the Appian Way from Rome to
Capua.  This was the empire's dramatic way of Making a Point.

Those of us who have been concerned about issues of privacy in society have
also, until relatively recently, been largely ignored by the vested
interests.  Privacy rights are by their very nature typically undramatic in
their gradual process of decay, and only noticed by the average citizen when
end results directly impact individual lives.  By then, it's often too late
to get the genie effectively back into the bottle.

The rise of technology, in the guises of databases, communications (including
the Internet), and sophisticated mechanisms for the collecting, integrating,
consolidating, and marketing of personal data, have dramatically changed the
nature of the game when it comes to privacy.  Data that once sat isolated
and harmless on dusty index cards forgotten in the back rooms at businesses
and municipalities have become "profit centers" and treasure-troves for both
marketing and intelligence dossiers.  Our systems of laws, still grounded
largely in a 19th century view of the world, are ill-equipped to deal with
the environment of the 21st century in many respects.

As the calls for increased privacy protections have gradually risen over the
last few years, warning bells have been ringing in the hallowed halls of both
industry and government.  Opinion polls show public concerns over privacy
rising rapidly.  Most of those being polled are potential customers -- and
potential voters.

Like Rome of two millennia ago, many interests in both the commercial and
government sectors have awoken to the risks that such concerns may present
to the status quo.  And again like Rome, these interests are gathering their
own "armies" to battle.  It's a war of a different kind, fought with the
weapons of money and public relations rather than swords, but the battles
are quite real nonetheless.

One of the more potent weapons in the arsenal to fight back increased
privacy protections is attempts to trivialize both the nature of privacy
problems and those persons who sound the alarms regarding privacy concerns.
Executive Scott McNealy of Sun Microsystems has asserted that we have zero
privacy anyway: "Get over it!" he says.  On the other hand, U.S. Federal
Trade Commissioner Thomas Leary recently suggested that we have more privacy
now than we had a century ago.  He likens much of the current privacy debate
to "hysteria" -- this from a man whose commission is among the most important
involved with protecting individual privacy rights in the commercial sphere
within this country.  Zero privacy -- or plenty of privacy?  That these
statements from both of these men are clearly little more than "spin" for
public-relations purposes is patently obvious, but spin <B>is</B> important in
any modern war, especially a war of words.

Businesses also have other weapons at their disposal against the
"malcontents" who would call for greater privacy.  Appeals to the pocketbook
always make for a good show.  Industry groups, in attempts to derail pending
privacy legislation, have begun trotting out studies purporting to detail
how many billions of dollars they've calculated increased privacy
protections would cost.  Those calculations were immediately called into
dispute, but perhaps of more interest is the underlying concept, that
privacy doesn't matter if it gets "too" expensive to achieve.  If this
reasoning sounds familiar from another context it should -- it's basically
the same financially-grounded argument made by slave owners in the U.S. South
against the abolishing of slavery. 

Diversionary tactics can also play well.  If the law requires you to notify
customers about privacy policies, you can send out such notices buried in
legalize within bill inserts that you know most people will never have the
time to study.  Since you know that few folks would ever "opt-in" to your
data sharing plans, make sure that attempts to mandate opt-in requirements
never see the light of day, and bury any "opt-outs" where most people won't
find them.  Also, do everything you can to avoid having people looking into
the details of privacy issues in the first place, by trying to restrain your
existing and potential customers within a fabricated "comfort zone" that
they won't be tempted to leave.  Mechanisms such as P3P (Platform for
Privacy Preferences) will serve to help convince Web users that their
privacy is being protected, while in reality the system actually makes a bad
privacy situation even worse.

Governments too are highly skilled at the diversionary game -- especially of
the "giveth with one hand and taketh away with the other" variety.  A good
example of this is taking place in Europe, where ostensibly strong personal
privacy laws may be massively undermined.  European proposals for vast new
government-mandated Internet and other communications data gathering and
warehousing, often on a long-term basis for retrospective investigatory
analysis and other purposes, could render most other privacy protections
largely moot and impotent.

However, it wouldn't be fair to assign all of the blame for privacy problems
to industry and government.  Sometimes those persons pushing the hardest for
increased privacy protections inadvertently do the most damage to their own
causes.  Attempts to portray privacy issues in a one-sided manner, failing
to take into account the legitimate concerns of law enforcement, other
aspects of government, and commercial concerns when it comes to achieving
reasonable balance with these issues, are recipes for failure. 

For when it comes to the wide range of privacy issues, there <B>is</B> a need for
balance -- which would take the place of the status quo that has become
heavily skewed away from individual privacy concerns.  But in our enthusiasm
to correct this very real disparity, it's a critical error to assume that
skewing the equation fully in the other direction is necessarily an
appropriate course.  Privacy is but one of the many important issues with
which we must deal in society, and we need to take into account the impacts
that privacy-related concepts (for example "anonymity" -- to name just one)
will have in both positive and negative ways.

It's also important that when making our arguments for increased privacy
protections we avoid adopting the tactics of our perceived adversaries, and
instead attempt to stay on as high an ethical ground as possible.  So, if
one is going to argue that Social Security Number (SSN) data is too widely
available and subject to widespread abuse, it's a highly questionable
approach to demonstrate this by publicizing individuals' Social Security
Numbers on Web sites, then playing "catch me if you can" with the data
moving from site to site.  "Practice what you preach" is an old proverb that
still has value even today -- to take another course is to undermine the
validity of your own arguments, and to provide rhetorical ammunition to
persons and groups whom you may oppose on important matters.

Those of us who write and speak about privacy issues have long wished for
the attention of the "powers-that-be" -- well, now we have it.  Privacy
issues are among the most important with which we must deal today, but they
do not exist in a vacuum.  To achieve the laudable goal of increased privacy
protections, these issues need to be viewed through the context of society at
large, and the privacy battles must be fought ethically within that
framework.  Failure to follow this course risks not only the loss of
improvements in the areas of privacy, but also could set the stage for
backlashes which could take us all on a rapid ride in reverse to very dark
places indeed.  As Spartacus learned and we must remember, there is still
lots of wood out there -- and plenty of nails.

Be seeing you.

Lauren Weinstein
<A HREF="mailto:lauren@pfir.org">lauren@pfir.org</A> or <A HREF="mailto:lauren@vortex.com">lauren@vortex.com</A> or <A HREF="mailto:lauren@privacyforum.org">lauren@privacyforum.org</A>
Co-Founder, PFIR: People For Internet Responsibility - <A HREF="http://www.pfir.org">http://www.pfir.org</A>
Moderator, PRIVACY Forum - <A HREF="http://www.vortex.com">http://www.vortex.com</A>
Member, ACM Committee on Computers and Public Policy


End of PRIVACY Forum Digest 10.04

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH